Global coalition dismantles Tycoon 2FA phishing kit

Tycoon 2FA, a major adversary-in-the-middle phishing kit that enabled MFA bypass and widespread credential compromise, was dismantled in a coordinated global operation led by Microsoft and Europol. The platform, attributed to a group tracked as Storm-1747, powered control panels and fraudulent login pages across 330 seized domains, facilitated tens of millions of phishing messages (peaking at >30M/month), and is linked to roughly 96,000 victims since 2023, including critical incidents affecting healthcare and education organizations.