A DNS Investigation of the Typhoon 2FA Phishing Kit

9 May 2024

Bleeping Computer recently reported that a phishing-as-a-service (PhaaS) available in cybercriminal forums dubbed “Typhoon 2FA” has the ability to compromise Microsoft 365 and Google accounts even if users have two-factor authentication (2FA) enabled. Sekoia security analysts uncovered the phishing kit back in October 2023 though they believe it has been active since at least August of that same year.

Source: CircleID

Date:

9 May 2024

Categorie(s):

NEWS

Tag(s):

DNS, Infrastructure Development, Investigations, Networking, Typhoon

AI Python Package Flaw ‘Llama Drama’ Threatens Software Supply Chain20 May 2024
PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)20 May 2024
Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware20 May 2024
PoC Exploit Published for 0-day Vulnerability in Google Chrome20 May 2024
Chrome vs. Edge: Which browser is better for business?20 May 2024