Cybereason Security Services Team ·
2025-11-03 ·
Read original ↗
ATT&CK techniques detected
5 predictions
T1566.002Spearphishing Link
95%
"tycoon 2fa phishing kit analysis the tycoon 2fa phishing kit is a sophisticated phishing - as - a - service ( phaas ) platform that emerged in august 2023, designed to bypass two - factor authentication ( 2fa ) and multi - factor authentication ( mfa ) protections, primarily targ…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598Phishing for Information
76%
"tycoon 2fa phishing kit analysis the tycoon 2fa phishing kit is a sophisticated phishing - as - a - service ( phaas ) platform that emerged in august 2023, designed to bypass two - factor authentication ( 2fa ) and multi - factor authentication ( mfa ) protections, primarily targ…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1111Multi-Factor Authentication Interception
64%
"tycoon 2fa phishing kit analysis the tycoon 2fa phishing kit is a sophisticated phishing - as - a - service ( phaas ) platform that emerged in august 2023, designed to bypass two - factor authentication ( 2fa ) and multi - factor authentication ( mfa ) protections, primarily targ…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566Phishing
49%
"tycoon 2fa phishing kit analysis the tycoon 2fa phishing kit is a sophisticated phishing - as - a - service ( phaas ) platform that emerged in august 2023, designed to bypass two - factor authentication ( 2fa ) and multi - factor authentication ( mfa ) protections, primarily targ…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598.003Spearphishing Link
38%
"tycoon 2fa phishing kit analysis the tycoon 2fa phishing kit is a sophisticated phishing - as - a - service ( phaas ) platform that emerged in august 2023, designed to bypass two - factor authentication ( 2fa ) and multi - factor authentication ( mfa ) protections, primarily targ…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
The Tycoon 2FA phishing kit is a sophisticated Phishing-as-a-Service (PhaaS) platform that emerged in August 2023, designed to bypass two-factor authentication (2FA) and multi-factor authentication (MFA) protections, primarily targeting Microsoft 365 and Gmail accounts. Utilizing an Adversary-in-the-Middle (AiTM) approach, it employs a reverse proxy server to host deceptive phishing pages that mimic legitimate login interfaces, capturing user credentials and session cookies in real-time. According to the Any.run malware trends tracker, Tycoon 2FA leads with over 64,000 reported incidents this year.
.png)