Cybersecurity

Tycoon Threat Actors Master Device Code Phishing, Bypass 2FA

April 22, 2026 Source: Darkreading 7 views

The Tycoon phishing group is shifting from traditional 2FA phishing to device code phishing.
Device code phishing tricks victims into granting account access via legitimate new-device login flows.
This advanced method effectively bypasses multi-factor authentication (MFA) mechanisms for account takeover.

Intelligence briefing: Why this matters: This evolution in phishing tactics demands updated defensive strategies and enhanced user awareness training to protect sensitive accounts and systems within IT and national security organizations.

In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.

phishingdevice code2fa bypassmfatycoon groupaccount takeovercybercrime

Original reporting: https://www.darkreading.com/threat-intelligence/tycoon-2fa-hackers-device-code-phishing

Free Weekly Intel Digest

Top 5 defense & cybersecurity briefings every Sunday. Free, no spam, unsubscribe anytime.

Readers from 5+ countries already subscribed