TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Infosecurity Magazine

Tycoon2FA Phishing Service Resumes Activity Post-Takedown

2026-03-23

ATT&CK techniques detected

4 predictions
T1566.002 Spearphishing Link
98%
"tycoon2fa phishing service resumes activity post-takedown despite a major law enforcement operation earlier this month, tycoon2fa, a subscription-based phishing-as-a-service (phaas) platform, has continued to compromise email accounts and bypass multifactor authentica…"
T1566.002 Spearphishing Link
87%
"##ng meerkat phaas platform spoofs 100+ brands however, activity quickly returned to early 2026 levels. in an advisory published last week, crowdstrike said it observed at least 30 suspected tycoon2fa-enabled phishing incidents between march 4 and march 6, involving decoy and …"
T1598 Phishing for Information
56%
"tycoon2fa phishing service resumes activity post-takedown despite a major law enforcement operation earlier this month, tycoon2fa, a subscription-based phishing-as-a-service (phaas) platform, has continued to compromise email accounts and bypass multifactor authentica…"
T1583.001 Domains
44%
"tycoon2fa phishing service resumes activity post-takedown despite a major law enforcement operation earlier this month, tycoon2fa, a subscription-based phishing-as-a-service (phaas) platform, has continued to compromise email accounts and bypass multifactor authentica…"

Summary

The Tycoon2FA phishing platform has resumed activity after the takedown, using adversary-in-the-middle (AiTM) techniques to bypass MFA.