Microsoft and Partners Take Down Phishing-As-A-Service Site Tycoon 2FA
A major blow has been dealt to cybercrime operations with the takedown of Tycoon 2FA, a phishing-as-a-service site. This move was made possible through a coordinated effort between Microsoft, Europol, and 12 other partners. The operation aimed to disrupt the activities of thousands of threat actors who used Tycoon to steal credentials and bypass multi-factor authentication.
According to reports, Tycoon was responsible for tens of millions of fraudulent emails sent to over 500,000 organizations every month. Operating at this scale, attackers were able to exploit users' accounts without triggering authentication prompts. The site also had up to 2,000 users and had operated more than 24,000 domains since its launch in August 2023.
Microsoft stated that it seized 330 active domains powering the site and its control panels under a court order from the U.S. District Court for the Southern District of New York. Additionally, the primary developer of Tycoon was identified as Saad Fridi, based in Pakistan. Coinbase also played a crucial role in this operation by helping to trace crypto payments that funded Tycoon's activities.