Authorities pull plug on Tycoon 2FA phishing-as-a-service platform

Tycoon 2FA, a phishing-as-a-service platform that allowed cybercriminals to bypass MFA and break into online accounts, has been disrupted by law enforcement agencies and cybersecurity partners.

Takedown of the Tycoon 2FA phishing-as-a-service platform (Source: Europol)

Active since August 2023, Tycoon 2FA was among the largest phishing operations worldwide. At its peak, the platform accounted for about 62% of phishing attempts blocked by Microsoft, according to investigators.

The service operated on a subscription model and gave cybercriminals tools to intercept live authentication sessions and access online accounts, including those protected by additional security layers.

During the operation, investigators took down 330 domains used by the platform for phishing pages and control panels.

“At scale, the platform generated tens of millions of phishing emails each month and facilitated unauthorised access to nearly 100,000 organizations globally, including schools, hospitals and public institutions,” Europol stated.

Microsoft led the technical disruption of the service with support from private sector partners, while law enforcement in Latvia, Lithuania, Portugal, Poland, Spain and the UK seized infrastructure in an operation coordinated by Europol.