The Sekoia Threat Detection & Research team uncovered the Tycoon 2FA phishing kit in October 2023. The kit uses the Adversary-in-the-Middle (AiTM) technique [2] [3].


Tycoon 2FA has swiftly become one of the most widespread AiTM phishing kits, with over 1,100 domain names linked to it identified between October 2023 and February 2024. By luring victims to a counterfeit Microsoft authentication page [1] [2], Tycoon 2FA seeks to steal credentials and circumvent Multi-Factor Authentication (MFA). In February 2024 [1] [2] [3], a new version of Tycoon 2FA was detected [2], with notable enhancements to its phishing capabilities, including revamped resource retrieval and expanded traffic filtering to block bot activity and analysis efforts. Sekoia also raised concerns about potential ties between Tycoon 2FA and other phishing platforms, suggesting shared infrastructure and code bases [2] [3].


The discovery of the Tycoon 2FA phishing kit underscores the ongoing threat posed by sophisticated cybercriminals. Organizations must remain vigilant and implement robust security measures to safeguard against such malicious activities. The continuous evolution of phishing techniques highlights the need for proactive security measures and ongoing research to stay ahead of cyber threats.