By Kasturi Datta
Microsoft, the EU's law enforcement agency Europol and partners have disrupted cybersecurity attacks by Tycoon 2FA, a global phishing-as-a-service platform.
Since 2023, Tycoon 2FA has enabled a high number of cybercriminals to bypass multi-factor authentication and gain unauthorised access to email accounts, including Microsoft 365, Outlook and Gmail. The service has been linked to an estimated 96,000 phishing victims worldwide, of which more than 55,000 were Microsoft customers.
Microsoft worked with Europol’s Cyber Intelligence Extension Program (CIEP) to successfully seize 330 active Tycoon 2FA domains that power the platform’s control panels and fraudulent login pages.
“Tycoon 2FA combined convincing phishing templates, realistic landing pages and real-time capture of credentials and authentication codes into an easy-to-use package that scaled quickly,” said Steven Masada, assistant general counsel of Microsoft’s digital crimes unit, in a recent blog post.
“By lowering the technical barrier to entry, it allowed criminals with limited expertise to run sophisticated impersonation campaigns.”
Tycoon 2FA has been operating much like a business within an impersonation-for-hire ecosystem and delegating tasks including mass email delivery and malware distribution to other services, such as RaccoonO365, Lumma Stealer and Red Virtual Dedicated Server.
With the CIEP framework, Microsoft has brought public and private-sector partners across Latvia, Lithuania, Portugal, Poland, Spain and the UK together to deploy cross-border action and accelerate the disruption of Tycoon 2FA and other harmful services.
Microsoft’s Digital Crimes Unit is also targeting single services that enable impersonation and applying sustained pressure to weaken their functionality and raise the risk and cost of cybercrime for attackers. For example, RedVDS has lost more than 95 per cent of its infrastructure since January 2026, and other service operators have resorted to retreating into closed channels or shutting down altogether to avoid legal action.
“Sustained, coordinated pressure is essential, especially as cybercrime becomes more scalable through automation and AI,” said Masada.