Europol-coordinated action disrupts Tycoon2FA phishing platform
Bleeping Computer
by Sergiu GatlanMarch 4, 2026
AI-Generated Deep Dive Summary
An international law enforcement operation coordinated by Europol has successfully disrupted Tycoon2FA, a major phishing-as-a-service (PhaaS) platform responsible for sending tens of millions of phishing messages each month. The operation, supported by Microsoft and other leading cybersecurity companies, resulted in the seizure of 330 domains that formed the backbone of the criminal infrastructure, including control panels and phishing pages. This collaborative effort involved law enforcement agencies from Latvia, Lithuania, Portugal, Poland, Spain, and the United Kingdom, all working under Europol's coordination.
The investigation was triggered after intelligence about Tycoon2FA was shared by Trend Micro to Europol. This information was then disseminated through Europol's EC3 Advisory Groups and operational networks, enabling a coordinated strategy to dismantle the platform. Tycoon2FA had been active since August 2023, targeting nearly 100,000 organizations worldwide, including government institutions, schools, and healthcare organizations. By mid-2025, it was generating tens of millions of phishing emails monthly, affecting over 500,000 organizations and accounting for 60% of all blocked phishing attempts.
The platform operated as an "adversary-in-the-middle," using a reverse proxy server to intercept victims' login credentials and session cookies in real-time during attacks on Microsoft and Google customers. This allowed attackers to hijack authenticated sessions and bypass multi-factor authentication (MFA) protections, even though the login process appeared normal to users. Tycoon2FA also enabled threat actors to impersonate trusted brands by mimicking sign-in pages for services like Microsoft 365, Outlook, Gmail, and others.
Sold on Telegram for $120 per 10-day access, Tycoon2FA lowered the barrier
Verticals
securitytech
Originally published on Bleeping Computer on 3/4/2026