Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Microsoft, Europol Take Down Global Phishing as a Service Network Which Was Able to Bypass 2FA with Ease

  • On March 4, 2026, Europol coordinated an international operation disrupting Tycoon2FA and taking 330 domains offline, with Microsoft leading technical efforts across Latvia, Lithuania, Portugal, Poland, Spain, and the United Kingdom.
  • Tycoon2FA first emerged in August 2023 as an adversary-in-the-middle reverse proxy intercepting credentials, one-time passcodes, and session cookies to bypass MFA and compromise nearly 100,000 organizations.
  • Researchers linked the operation to monikers SaaadFridi and MrXaad, noting it had more than 24,000 domains and roughly 2,000 users at disruption, sold via Telegram for $120 for 10 days.
  • The takedown is a setback but does not eliminate the threat as previously stolen credentials and active session cookies may persist; TrendAI will continue monitoring and support investigations.
  • Security experts say the takedown highlights that MFA alone is insufficient and recommend phishing-resistant authentication, strict conditional access, advanced email security, real-time URL inspection, and continuous identity-risk monitoring as identity is the primary attack surface.
Insights by Ground AI

38 Articles

Cybersecurity DiveCybersecurity Dive
Center

Microsoft, Europol disrupt global phishing platform Tycoon 2FA

The service helped cybercriminals bypass multifactor authentication and led to business email compromise and ransomware.

Read Full Article
La LibreLa Libre
Center

An "Odoo for Pirates" Dismantled: Nearly 100,000 Victims, Including Schools

An international operation coordinated by Europol has resulted in the dismantling of Tycoon 2FA, an online service used by cyber criminals to hack large-scale accounts. ...

·Brussels, Belgium
Read Full Article
Silicon RepublicSilicon Republic
Center

Major phishing operation disrupted in joint Europol action

A joint operation has disrupted one of the largest phishing-as-a-service platforms worldwide, ‘Tycoon 2FA’.

Read Full Article
Tech RadarTech Radar
Reposted by
technewstube.comtechnewstube.com
Center

Microsoft, Europol take down global phishing as a service network which was able to bypass 2FA with ease

Tycoon 2FA is no more thanks to a major law enforcement operation.

·United Kingdom
Read Full Article
CyberScoopCyberScoop
Center

Global coalition dismantles Tycoon 2FA phishing kit

Tycoon 2FA, a major phishing kit and platform that allowed low-skilled cybercriminals to bypass multifactor authentication and conduct large-scale adversary-in-the-middle attacks, was dismantled Wednesday by a global coalition of security companies and law enforcement agencies. Microsoft, which led the effort alongside Europol and authorities from six countries and 11 security firms or organizations, said it seized 330 domains that powered Tycoo…

Read Full Article
ObservadorObservador
Lean Right

Larger "Physhing" Platform for International Operation that Counted with Pj

PJ explained that the Tycoon 2FA platform was in operation since August 2023 and allowed "to pass multifactor authentication mechanisms and ensure illegal access to e-mail boxes".

·Portugal
Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 89% of the sources are Center
89% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Wednesday, March 4, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

Cyberattacks icon

Cyberattacks

European Union icon

European Union

Technology icon

Technology

Cybercrimes icon

Cybercrimes

Cryptocurrency icon

Cryptocurrency

Blockchain icon

Blockchain

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal