www.securityweek.com 3/23/2026, 11:06:58 AM · external

Tycoon 2FA Fully Operational Despite Law Enforcement Takedown

The Tycoon 2FA phishing-as-a-service (PhaaS) platform continues to operate despite a global crackdown involving Europol and Microsoft, which resulted in the seizure of 330 domains linked to the service. Active since 2023, Tycoon 2FA is responsible for a significant portion of phishing attempts, generating over 30 million malicious emails monthly and compromising roughly 96,000 distinct victims worldwide. Following a brief decrease in activity post-takedown, operations swiftly returned to normal levels.

CrowdStrike reports that the platform uses various tactics such as phishing emails, session cookie theft, and malicious JavaScript for credential harvesting. The takedown may have temporarily hindered customers' phishing operations, but the impact on Tycoon 2FA's overall activity was minimal.

Article by CyberSIXT
