PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec's Operations
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
This analysis explores the connections between two Phishing-as-a-Service (PhaaS) platforms: Tycoon2FA and Dadsec. The investigation reveals shared infrastructure and operational similarities, suggesting a common origin or adaptation. The report details the evolving tactics of Tycoon2FA, including its use of Cloudflare Turnstile, anti-analysis techniques, and sophisticated phishing pages. Key findings include the rapid expansion of Tycoon2FA's infrastructure, with thousands of new phishing pages detected since July 2024. The analysis also uncovers the platform's advanced features, such as MFA bypass capabilities and real-time credential interception. The report emphasizes the growing threat posed by PhaaS platforms and the need for continued vigilance and adaptation in cybersecurity defenses.
OPENCTI LABELS:
credential theft, mfa bypass, aitm, dadsec, phishing-as-a-service, tycoon2fa