{"id":232591,"date":"2026-03-05T06:16:11","date_gmt":"2026-03-05T12:16:11","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/03\/europol-led-operation-takes-down-tycoon-2fa-phishing-as-a-service-linked-to-64000-attacks"},"modified":"2026-03-05T06:16:11","modified_gmt":"2026-03-05T12:16:11","slug":"europol-led-operation-takes-down-tycoon-2fa-phishing-as-a-service-linked-to-64000-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/03\/europol-led-operation-takes-down-tycoon-2fa-phishing-as-a-service-linked-to-64000-attacks","title":{"rendered":"Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/europol-led-operation-takes-down-tycoon-2fa-phishing-as-a-service-linked-to-64000-attacks2.jpg\"><\/a><\/p>\n<p>The panel serves as a hub for configuring, tracking, and refining campaigns. It features pre\u2011built templates, attachment files for common lure formats, domain and hosting configuration, redirect logic, and victim tracking. Operators can also configure how the malicious content is delivered through attachments, as well as keep tabs on valid and invalid sign-in attempts.<\/p>\n<p>The captured information, such as credentials, multi-factor authentication (MFA) codes, and session cookies, can be downloaded directly within the panel or forwarded to Telegram for near\u2011real\u2011time monitoring.<\/p>\n<p>\u201cIt enabled thousands of cybercriminals to covertly access email and cloud-based service accounts,\u201d Europol <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/global-phishing-service-platform-taken-down-in-coordinated-public-private-action\" rel=\"noopener\" target=\"_blank\">said<\/a>. \u201cAt scale, the platform generated tens of millions of phishing emails each month and facilitated unauthorized access to nearly 100,000 organizations globally, including schools, hospitals, and public institutions.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The panel serves as a hub for configuring, tracking, and refining campaigns. It features pre\u2011built templates, attachment files for common lure formats, domain and hosting configuration, redirect logic, and victim tracking. Operators can also configure how the malicious content is delivered through attachments, as well as keep tabs on valid and invalid sign-in attempts. The [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,34],"tags":[],"class_list":["post-232591","post","type-post","status-publish","format-standard","hentry","category-biotech-medical","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/232591","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=232591"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/232591\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=232591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=232591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=232591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}