Europol-led takedown of Tycoon 2FA
Law Enforcement
Summary
Europol and partner agencies dismantled Tycoon 2FA, a phishing-as-a-service toolkit used for AitM credential harvesting, removing a major cybercrime platform and disrupting its infrastructure. The operation took down 330 domains tied to the service and matters because Tycoon 2FA had enabled large-scale account takeover activity across organizations worldwide.
Related Happenings
Tycoon2FA device-code phishing campaign targeting Microsoft 365
Campaign
First: 17.05.2026 17:43
Last: 17.05.2026 17:43
Sources 1
About this happening:
The **Tycoon2FA** phishing operation added **device-code phishing** to hijack **Microsoft 365** accounts, expanding its ability to steal access tokens and reach email, calendar, a...
Code of conduct-themed Microsoft AiTM phishing campaign
Campaign
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
About this happening:
A **large-scale phishing campaign** used code of conduct-themed lures and **legitimate email services** to push victims to attacker-controlled domains and steal **authentication t...
Amazon SES phishing and BEC abuse campaign
Campaign
First: 04.05.2026 23:03
Last: 04.05.2026 23:03
Sources 1
About this happening:
A phishing campaign is abusing Amazon Simple Email Service (SES) to send convincing emails that can bypass standard authentication and reputation-based defenses. Attackers are usi...
Europol-led arrests in Albanian scam call center fraud case
Law Enforcement
First: 30.04.2026 13:00
Last: 30.04.2026 13:00
Sources 1
About this happening:
**Europol** said a **two-year operation** ended with **10 arrests** at suspected **Albanian scam call centers**, disrupting a professionalized **investment fraud** network. Police...
Austrian-Albanian cryptocurrency fraud ring takedown
Law Enforcement
First: 29.04.2026 17:27
Last: 29.04.2026 17:27
Sources 1
About this happening:
Austrian and Albanian authorities **dismantled** a **cryptocurrency investment fraud ring**, escalating a cross-border cyberfraud case that allegedly caused **over €50 million** i...
Timeline
-
17.04.2026 22:05 1 article · 1mo ago
Tycoon 2FA takedown drives phisher migration and device code phishing rise
Campaign Scope Update
Following the Europol-led Tycoon 2FA takedown, phishers worldwide moved to rival PhaaS providers such as Mamba 2FA, EvilProxy, and Sneaky 2FA, while device code phishing accelerated and some actors reused Tycoon-era PDFs, source-code quirks, and techniques in EvilTokens-style account takeover campaigns.
- Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing — www.darkreading.com — 17.04.2026 22:05
-
05.03.2026 08:51 2 articles · 2mo ago
Europol-led takedown of Tycoon 2FA infrastructure
Legal Policy Action Update
Europol and private-sector partners dismantled Tycoon 2FA, a subscription-based phishing-as-a-service toolkit used for adversary-in-the-middle credential harvesting and account takeover. The coordinated operation removed 330 domains tied to phishing pages and control panels, disrupting a service that first emerged in August 2023 and was later linked to over 64,000 phishing incidents, tens of millions of phishing emails each month, and unauthorized access to nearly 100,000 organizations globally.
- Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks — thehackernews.com — 05.03.2026 08:51