Tycoon 2FA Phishing Platform Dismantled in Global Takedown

"Tycoon 2FA combined convincing phishing templates, realistic landing pages, and real‑time capture of credentials and authentication codes into an easy‑to‑use package that scaled quickly. By lowering the technical barrier to entry, it allowed criminals with limited expertise to run sophisticated impersonation campaigns."
"Despite extensive defenses, the service is linked to an estimated 96,000 distinct phishing victims worldwide since 2023, including more than 55,000 Microsoft customers. Tycoon 2FA accounted for roughly 62% of the phishing attempts Microsoft blocked last year, with the platform sending tens of millions of phishing emails to 500,000 organizations every month."
"The disruption of the cybercrime platform involved court orders, intelligence from major cybersecurity firms, and the seizure of 330 active Tycoon 2FA domains, including control panels and phishing pages. Law enforcement agencies in Latvia, Lithuania, Portugal, Poland, Spain, and the UK were involved in disrupting Tycoon 2FA."
Europol, Microsoft, and multiple cybersecurity companies executed a joint operation to dismantle Tycoon 2FA, a subscription-based phishing platform enabling threat actors to impersonate users, create phishing pages, and bypass multi-factor authentication. The platform combined convincing phishing templates, realistic landing pages, and real-time credential capture into an accessible package that lowered technical barriers for criminals. Tycoon 2FA accounted for approximately 62% of phishing attempts Microsoft blocked annually and sent tens of millions of phishing emails to 500,000 organizations monthly. The disruption involved court orders, intelligence from cybersecurity firms, and seizure of 330 active domains. Law enforcement from Latvia, Lithuania, Portugal, Poland, Spain, and the UK participated, alongside security companies including Cloudflare, Proofpoint, Intel471, and others.
Read at SecurityWeek