Ethical Hacking News
Law enforcement has successfully disrupted the Tycoon 2FA phishing-as-a-service platform, cutting off a major pipeline for account takeovers and protecting millions of users from follow-on attacks. The PhaaS was responsible for tens of millions of fraudulent emails reaching over 500,000 organizations each month worldwide.
Microsoft, Europol, and industry partners successfully disrupted the Tycoon 2FA phishing-as-a-service (PhaaS) platform. The PhaaS was responsible for tens of millions of fraudulent emails reaching over 500,000 organizations each month worldwide. The disruption cuts off a major pipeline for account takeovers and helps protect users from follow-on attacks like data theft and financial fraud. Law enforcement agencies and tech companies must continue to cooperate to combat emerging threats like phishing-as-a-service platforms.
Microsoft, Europol, and industry partners have successfully disrupted the Tycoon 2FA phishing-as-a-service (PhaaS) platform used by thousands of cybercriminals to impersonate real users and gain unauthorized access to email and online service accounts. The joint effort was led by Microsoft, with assistance from various law enforcement agencies around the world.
According to recent reports, the Tycoon 2FA PhaaS has been responsible for tens of millions of fraudulent emails reaching over 500,000 organizations each month worldwide. By mid-2025, the service accounted for approximately 62 percent of all phishing attempts blocked by Microsoft, including more than 30 million emails in a single month. This placed Tycoon 2FA among the largest phishing operations globally.
The PhaaS leveraged URL rotation by abusing open redirect vulnerabilities on third-party websites as one of its evasion mechanisms. Another mechanism that enabled the protection of malicious instances generated by Tycoon 2FA was the misuse of Cloudflare (Workers). The author of Tycoon 2FA actively updates the tool with regular kit updates, making it a challenging target for law enforcement agencies.
The disruption of the Tycoon 2FA PhaaS platform is significant because it cuts off a major pipeline for account takeovers and helps protect people and organizations from follow-on attacks such as data theft, ransomware, business email compromise, and financial fraud. According to Resecurity, a cybersecurity firm that acquired access to Tycoon 2FA, the service was linked to an estimated 96,000 distinct phishing victims worldwide since 2023, including more than 55,000 Microsoft customers.
This operation highlights the need for continued vigilance and cooperation among law enforcement agencies, tech companies, and industry partners in combating cybercrime. The partnership between Microsoft, Europol, and other organizations demonstrates a commitment to protecting users from emerging threats like phishing-as-a-service platforms.
In conclusion, the disruption of the Tycoon 2FA PhaaS platform is a significant victory for law enforcement agencies and a major setback for cybercriminals. As technology continues to evolve, it will be essential to remain vigilant and proactive in addressing new threats and vulnerabilities.
Related Information:
https://www.ethicalhackingnews.com/articles/Law-Enforcement-Takes-Down-Tycoon-2FA-A-Global-Phishing-as-a-Service-Operation-ehn.shtml
https://securityaffairs.com/189205/cyber-crime/law-enforcement-disrupted-tycoon-2fa-phishing-as-a-service-platform.html
Published: Tue Mar 10 04:28:22 2026 by llama3.2 3B Q4_K_M
