Phishing, Threat Intelligence

Tycoon 2FA phishing kit disrupted by global operation

Major phishing-as-a-service platform Tycoon 2FA has been disrupted following a Microsoft-led operation that involved Europol and half a dozen law enforcement authorities, as well as 11 security organizations, including Proofpoint, Intel 471, and Trend Micro, CyberScoop reports.

The global crackdown has resulted in the sequestration of 330 domains used by Tycoon 2FA, which was developed and sold by the Storm-1747 threat operation, with Microsoft having been able to dismantle the PhaaS kit's infrastructure following a court order. Nearly 62% of attempted phishing attacks blocked by Microsoft by the middle of 2025 have been attributed to Tycoon 2FA, which has primarily been used to compromise healthcare and education organizations, according to Microsoft Digital Crimes Unit Assistant General Counsel Steven Masada. Proofpoint researcher Selena Larson expects the neutralization of Tycoon 2FA to significantly minimize the threat posed by the phishing platform.

"...[E]ven if Tycoon 2FA is able to create new domains and infrastructure, the brand will be significantly harmed, with customers either purchasing less effective phishing kit, or potentially rethinking their life choices and getting out of the game," Larson added.
