topic New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts in Threats https://community.isc2.org/t5/Threats/New-MFA-bypassing-phishing-kit-targets-Microsoft-365-Gmail/m-p/68680#M1145 <P>Hi All</P><P>&nbsp;</P><P>Cyber-criminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target&nbsp;Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection.</P><P>Tycoon 2FA was discovered by <A href="https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/" target="_blank" rel="nofollow noopener">Sekoia analysts</A> in October 2023 during routine threat hunting, but it has been active since at least August 2023, when the Saad Tycoon group&nbsp;offered it through private Telegram channels.</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/new-mfa-bypassing-phishing-kit-targets-microsoft-365-gmail-accounts/" target="_blank">https://www.bleepingcomputer.com/news/security/new-mfa-bypassing-phishing-kit-targets-microsoft-365-gmail-accounts/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Cautim_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 25 Mar 2024 21:49:42 GMT Caute_cautim 2024-03-25T21:49:42Z New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts https://community.isc2.org/t5/Threats/New-MFA-bypassing-phishing-kit-targets-Microsoft-365-Gmail/m-p/68680#M1145 <P>Hi All</P><P>&nbsp;</P><P>Cyber-criminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target&nbsp;Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection.</P><P>Tycoon 2FA was discovered by <A href="https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/" target="_blank" rel="nofollow noopener">Sekoia analysts</A> in October 2023 during routine threat hunting, but it has been active since at least August 2023, when the Saad Tycoon group&nbsp;offered it through private Telegram channels.</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/new-mfa-bypassing-phishing-kit-targets-microsoft-365-gmail-accounts/" target="_blank">https://www.bleepingcomputer.com/news/security/new-mfa-bypassing-phishing-kit-targets-microsoft-365-gmail-accounts/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Cautim_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 25 Mar 2024 21:49:42 GMT https://community.isc2.org/t5/Threats/New-MFA-bypassing-phishing-kit-targets-Microsoft-365-Gmail/m-p/68680#M1145 Caute_cautim 2024-03-25T21:49:42Z