A major international law enforcement operation, led by Europol and Microsoft with support from TrendAI and other industry partners, has successfully dismantled the Tycoon 2FA phishing-as-a-service (PhaaS) platform. The operation resulted in the seizure of over 300 domains used to facilitate advanced phishing attacks. Tycoon 2FA was notorious for its adversary-in-the-middle (AitM) capabilities, allowing low-skill attackers to bypass multi-factor authentication (MFA) by capturing session cookies and credentials in real-time.
Since its emergence in 2023, the platform has supported approximately 2,000 users and utilized more than 24,000 domains to target major services like Microsoft 365 and Google. The takedown highlights the effectiveness of cross-industry collaboration in disrupting the cybercrime ecosystem. Organizations are advised to adopt phishing-resistant MFA and layered security strategies, as stolen credentials and session cookies from previous campaigns may still be in circulation.
Top comments (0)