International law enforcement dismantled a major phishing-as-a-service platform called Tycoon 2FA, seizing 330 domains used to host phishing sites and operate its infrastructure. The service intercepted authentication sessions to bypass multi-factor authentication, sending tens of millions of phishing emails monthly and targeting over 500,000 organizations—particularly hospitals and schools—leading to operational disruptions reported by Health-ISAC and Microsoft. #Tycoon2FA #Health-ISAC
Keypoints
- Authorities seized 330 domains and disrupted the Tycoon 2FA phishing-as-a-service platform.
- Tycoon 2FA intercepted authentication sessions and one-time codes to bypass multi-factor authentication in real time.
- The platform sent tens of millions of phishing emails monthly and targeted more than 500,000 organizations worldwide.
- Healthcare and education sectors were heavily impacted, including over 100 Health-ISAC members and multiple hospitals and schools in New York.
- Investigators believe the developer operated from Pakistan and offered the service as a subscription that enabled large-scale account takeovers.
Read More: https://therecord.media/police-dismantle-tycoon-2fa-phishing-platform