Global phishing-as-a-service platform taken down in coordinated public-private action
TL;DR
A coordinated international operation led by Europol has disrupted Tycoon 2FA, a phishing-as-a-service platform that bypassed multi-factor authentication, taking down 330 domains used for large-scale account compromise.
Source: Europol
A major phishing-as-a-service platform used to bypass multi-factor authentication (MFA) and enable large-scale account compromise has been disrupted following a coordinated international operation supported by Europol. The service, known as Tycoon 2FA, provided cybercriminals with a subscription-based toolkit designed to intercept live authentication sessions and gain unauthorised access to online accounts, including those protected by additional security layers. The action was carried out by law enforcement partners and private sector stakeholders working hand in hand, coordinated by Europol’s European Cybercrime Centre (EC3). As part of the disruption, 330 domains forming the core infrastructure of the criminal service, including phishing pages and control panels, were taken down. Full Story