Global coalition dismantles Tycoon 2FA phishing kit | CyberScoop<\/title> <meta name=\"description\" content=\"Microsoft, which led the effort, said it seized 330 domains that powered the phishing platform\u2019s core infrastructure. The alleged creator was also named in a civil complaint.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/tycoon-2fa-phishing-kit-takedown-microsoft\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Global coalition dismantles Tycoon 2FA phishing kit\"> <meta property=\"og:description\" content=\"Microsoft, which led the effort, said it seized 330 domains that powered the phishing platform\u2019s core infrastructure. The alleged creator was also named in a civil complaint.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/tycoon-2fa-phishing-kit-takedown-microsoft\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-03-04T22:32:34+00:00\"> <meta property=\"article:modified_time\" content=\"2026-03-04T22:32:37+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/global-coalition-dismantles-tycoon-2fa-phishing-kit-1.png\"> <meta property=\"og:image:width\" content=\"1723\"> <meta property=\"og:image:height\" content=\"1103\"> <meta property=\"og:image:type\" content=\"image\/png\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1770142553g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1770755286g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88050\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88050\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftycoon-2fa-phishing-kit-takedown-microsoft%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftycoon-2fa-phishing-kit-takedown-microsoft%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88050 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/tycoon-2fa-phishing-kit-takedown-microsoft\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.600688468158\">\n<div class=\"single-article__header-content\" readability=\"36.280952380952\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/tycoon-2fa-phishing-kit-takedown-microsoft\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> Microsoft, which led the effort, said it seized 330 domains that powered the phishing platform\u2019s core infrastructure. The alleged creator was also named in a civil complaint. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88050\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"410\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/global-coalition-dismantles-tycoon-2fa-phishing-kit.png?resize=640%2C410&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Microsoft and authorities dismantled Tycoon 2FA's infrastructure. A seizure notice is displayed on of the phishing platform's domains March 4, 2026. (Microsoft)\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/global-coalition-dismantles-tycoon-2fa-phishing-kit-1.png 1723w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/global-coalition-dismantles-tycoon-2fa-phishing-kit-1.png?resize=300,192 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/global-coalition-dismantles-tycoon-2fa-phishing-kit-1.png?resize=768,492 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/global-coalition-dismantles-tycoon-2fa-phishing-kit-1.png?resize=1024,656 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/global-coalition-dismantles-tycoon-2fa-phishing-kit-1.png?resize=1536,983 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/global-coalition-dismantles-tycoon-2fa-phishing-kit-1.png?resize=600,384 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/global-coalition-dismantles-tycoon-2fa-phishing-kit-1.png?resize=262,168 262w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/global-coalition-dismantles-tycoon-2fa-phishing-kit-1.png?resize=526,337 526w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/global-coalition-dismantles-tycoon-2fa-phishing-kit-1.png?resize=1054,675 1054w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/global-coalition-dismantles-tycoon-2fa-phishing-kit-1.png?resize=1317,843 1317w\" sizes=\"(max-width: 1054px) 100vw, 1054px\"><figcaption> Microsoft and authorities dismantled Tycoon 2FA’s infrastructure. A seizure notice is displayed on of the phishing platform’s domains March 4, 2026. (Microsoft) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"59.858821299981\"><body readability=\"124.42600797519\"><\/p>\n<p>Tycoon 2FA, a major phishing kit and platform that allowed low-skilled cybercriminals to bypass multifactor authentication and conduct large-scale adversary-in-the-middle attacks, was <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/global-phishing-service-platform-taken-down-in-coordinated-public-private-action\">dismantled Wednesday by a global coalition<\/a> of security companies and law enforcement agencies.<\/p>\n<p>Microsoft, which led the effort alongside Europol and authorities from six countries and 11 security firms or organizations, said it seized 330 domains that powered Tycoon 2FA\u2019s core infrastructure, including control panels and fraudulent login pages.<\/p>\n<p>The platform, which emerged in August 2023, was <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/03\/04\/inside-tycoon2fa-how-a-leading-aitm-phishing-kit-operated-at-scale\/\">responsible for tens of millions of phishing messages<\/a> that reached more than 500,000 organizations globally each month, according to Microsoft Threat Intelligence. Thousands of cybercriminals used Tycoon 2FA to break into email and online services, including Microsoft 365, Outlook, SharePoint, OneDrive and Google services.<\/p>\n<p>\u201cBy mid\u20112025, Tycoon 2FA accounted for approximately 62% of all phishing attempts Microsoft blocked, including more than 30 million emails in a single month. That placed Tycoon 2FA among the largest phishing operations globally,\u201d Steven Masada, assistant general counsel at Microsoft\u2019s Digital Crimes Unit, said in a <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2026\/03\/04\/how-a-global-coalition-disrupted-tycoon\/\">blog post<\/a> about the takedown. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cDespite extensive defenses, the service is linked to an estimated 96,000 distinct phishing victims worldwide since 2023, including more than 55,000 Microsoft customers,\u201d Masada added. <\/p>\n<p>The phishing kit, which was developed and advertised by a group Microsoft tracks as Storm-1747, was sold to cybercriminals on Telegram and Signal for $350 a month. The platform provided core components for phishing on a single dashboard that allowed cybercriminals to configure, track and refine their campaigns.<\/p>\n<p>The platform also provided cybercriminals with pre-built templates, attachment files for common phishing lures, domain and hosting configuration and redirect logic, Microsoft said. The monthly volume of phishing messages attributed to Tycoon 2FA peaked at more than 30 million messages in November 2025.<\/p>\n<p>Organizations in education and health care were hit hardest by phishing attacks enabled by Tycoon 2FA. More than 100 members of Health-ISAC, a co-plaintiff in the <a href=\"https:\/\/noticeofpleadings.com\/tycoon2fa\/#\">court case<\/a> filed in the U.S. District Court for the Southern District of New York, were successfully phished, Masada said. <\/p>\n<p>Two hospitals, six schools and three universities in New York confronted attempts or successful compromises via Tycoon 2FA, resulting in incidents that disrupted operations, diverted resources and delayed patient care, he added. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Microsoft and Health-ISAC filed a <a href=\"https:\/\/noticeofpleadings.com\/tycoon2FA\/files\/Complaint\/06.%20Complaint.pdf\">civil complaint<\/a> against alleged creator Saad Fridi and four unnamed associates, demanding a $10 million injunction, for developing, running and selling Tycoon 2FA. The court order allowed Microsoft to dismantle and take ownership of Tycoon 2FA\u2019s technical infrastructure.<\/p>\n<p>Authorities from Latvia, Lithuania, Portugal, Poland, Spain and the United Kingdom assisted with the operation alongside Cloudflare, Coinbase, Crowell & Moring, eSentire, Intel 471, Proofpoint, Resecurity, Shadowserver, SpyCloud and Trend Micro. <\/p>\n<p>Selena Larson, staff threat researcher at Proofpoint who provided a <a href=\"https:\/\/noticeofpleadings.com\/tycoon2FA\/files\/ApplicationForTRO\/18.%20Larson%20Declaration%20ISO%20Application%20for%20TRO.pdf\">formal declaration in support of the court order<\/a>, said Tycoon 2FA was responsible for the highest volume of adversary-in-the-middle phishing attacks observed by Proofpoint. <\/p>\n<p>\u201cTycoon was the biggest MFA phishing threat in our data, and we anticipate seeing a significant decrease after this operation,\u201d she told CyberScoop.<\/p>\n<p>\u201cMany customers will find their hacking tool is no longer working, and even if Tycoon 2FA is able to create new domains and infrastructure, the brand will be significantly harmed, with customers either purchasing less effective phishing kit, or potentially rethinking their life choices and getting out of the game,\u201d Larson added.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Tycoon 2FA\u2019s easy-to-use and robust capabilities contributed to its popularity, researchers said. The platform\u2019s codebase was updated regularly and operators generated a high volume of subdomains for brief periods before abandoning them and moving on to new domains.<\/p>\n<p>Researchers said the rapid turnover and shifts to temporary infrastructure complicated efforts to detect and block new campaigns.<\/p>\n<p>The Tycoon 2FA takedown follows a <a href=\"https:\/\/cyberscoop.com\/cybercrime-crackdown-operation-endgame-operation-secure\/\">recent wave of cybercrime crackdowns<\/a>, including actions against <a href=\"https:\/\/cyberscoop.com\/microsoft-seizes-phishing-sites-raccoono365\/\">Racoon0365<\/a> and the <a href=\"https:\/\/cyberscoop.com\/lumma-stealer-infostealer-takedown\/\">Lumma Stealer infostealer operation<\/a>, which <a href=\"https:\/\/cyberscoop.com\/lumma-infostealer-widespread-victims\/\">infected about 10 million systems<\/a>.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.1062992125984\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/global-coalition-dismantles-tycoon-2fa-phishing-kit.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/tycoon-2fa-phishing-kit-takedown-microsoft\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Global coalition dismantles Tycoon 2FA phishing kit | CyberScoop Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[632,780,282,78,6117,2145,117,4809,3352,2141,2834,625,2435,5177,2048,6111,4274,256,6118,2880,2730,4931,288,3172,971],"tags":[633,785,286,86,6119,2147,119,4812,3356,2143,2837,630,2436,5179,2053,6116,4277,262,6120,2882,2738,4933,294,3174,973],"class_list":["post-8401","post","type-post","status-publish","format-standard","hentry","category-cloudflare","category-coinbase","category-cybercrime","category-cybersecurity","category-esentire","category-europol","category-government","category-health-isac","category-intel-471","category-latvia","category-lithuania","category-microsoft","category-microsoft-digital-crimes-unit","category-microsoft-threat-intelligence","category-poland","category-portugal","category-proofpoint","category-research","category-resecurity","category-shadowserver","category-spain","category-spycloud","category-threats","category-trend-micro","category-united-kingdom-u-k","tag-cloudflare","tag-coinbase","tag-cybercrime","tag-cybersecurity","tag-esentire","tag-europol","tag-government","tag-health-isac","tag-intel-471","tag-latvia","tag-lithuania","tag-microsoft","tag-microsoft-digital-crimes-unit","tag-microsoft-threat-intelligence","tag-poland","tag-portugal","tag-proofpoint","tag-research","tag-resecurity","tag-shadowserver","tag-spain","tag-spycloud","tag-threats","tag-trend-micro","tag-united-kingdom-u-k"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cloudflare\/\" rel=\"category tag\">Cloudflare<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/coinbase\/\" rel=\"category tag\">Coinbase<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/esentire\/\" rel=\"category tag\">eSentire<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/europol\/\" rel=\"category tag\">Europol<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/health-isac\/\" rel=\"category tag\">Health-ISAC<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/intel-471\/\" rel=\"category tag\">Intel 471<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/latvia\/\" rel=\"category tag\">Latvia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/lithuania\/\" rel=\"category tag\">Lithuania<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-digital-crimes-unit\/\" rel=\"category tag\">Microsoft Digital Crimes Unit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-threat-intelligence\/\" rel=\"category tag\">Microsoft Threat Intelligence<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/poland\/\" rel=\"category tag\">Poland<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/portugal\/\" rel=\"category tag\">portugal<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/proofpoint\/\" rel=\"category tag\">Proofpoint<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/resecurity\/\" rel=\"category tag\">Resecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/shadowserver\/\" rel=\"category tag\">Shadowserver<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/spain\/\" rel=\"category tag\">Spain<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/spycloud\/\" rel=\"category tag\">SpyCloud<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/trend-micro\/\" rel=\"category tag\">Trend Micro<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/united-kingdom-u-k\/\" rel=\"category tag\">United Kingdom (U.K.)<\/a>","tag_info":"United Kingdom (U.K.)","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8401","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8401"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8401\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8401"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8401"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8401"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8401,"date":"2026-03-04T16:32:34","date_gmt":"2026-03-04T22:32:34","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88050"},"modified":"2026-03-04T16:32:34","modified_gmt":"2026-03-04T22:32:34","slug":"global-coalition-dismantles-tycoon-2fa-phishing-kit","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/03\/04\/global-coalition-dismantles-tycoon-2fa-phishing-kit\/","title":{"rendered":"Global coalition dismantles Tycoon 2FA phishing kit"},"content":{"rendered":"