Tycoon 2FA Phishing Group Adopts Device Code Phishing Tactics

The Tycoon 2FA phishing group has shifted tactics to adopt device code phishing, exploiting legitimate new-device login flows to trick victims into granting account access. This method bypasses traditional two-factor authentication (2FA) protections by leveraging Microsoft’s device code authentication mechanism. Attackers target users by presenting a seemingly legitimate login prompt, which, when approved, grants them persistent access to the victim’s account. No specific dates, CVE IDs, or technical metrics were disclosed in the report. The impact includes unauthorized account access and potential data exfiltration or further compromise.