
"Tycoon 2FA has been responsible for 62% of the phishing attempts blocked by Microsoft in 2025, generating over 30 million malicious emails monthly and targeting half a million organizations."
"Despite the seizure of 330 active Tycoon 2FA domains and legal actions against individuals linked to the service, CrowdStrike reports that the disruption left only a minor dent in its operations."
"Following the law enforcement operation, Tycoon 2FA activity volume dropped to roughly 25%, but quickly returned to previous levels, indicating resilience in its operations."
"Tycoon 2FA's tactics, techniques, and procedures (TTPs) have not changed post-takedown, suggesting that the service's operations may persist beyond this disruption."
Tycoon 2FA is a subscription-based phishing-as-a-service platform that has persisted despite international law enforcement efforts to disrupt it. Active since 2023, it accounts for a significant portion of phishing attempts, generating over 30 million malicious emails monthly and targeting around half a million organizations. Recent takedown efforts by Europol and Microsoft had minimal impact, with operations quickly returning to pre-disruption levels. The platform employs various tactics, including phishing emails and credential theft, to compromise accounts and bypass multi-factor authentication.
Read at SecurityWeek