{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreibpyqj5ye6zlsk7udhm6iumlupmcz4inaasg7uddx3hrwzepo5f4i",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mhuwwtpmpy42"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreihxlhxa7wpb5oe5gdteih3csiiqtzq44prleckdfuobelrxlxzbjq"
    },
    "mimeType": "image/webp",
    "size": 27732
  },
  "path": "/tycoon2fa-operators-resume-cloud-account-phishing-after-infrastructure-disruption/",
  "publishedAt": "2026-03-25T08:09:13.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Tycoon2FA operators resume cloud account phishing after infrastructure disruption",
    "VPN Central"
  ],
  "textContent": "Tycoon2FA is already back in action after the March 4 takedown. CrowdStrike says the phishing-as-a-service platform resumed cloud account phishing within days of the Europol-led disruption, with activity quickly returning to levels seen before the operation. That makes the takedown look more like a temporary setback than a lasting shutdown. Europol said authorities and private-sector […]\n\nThe post Tycoon2FA operators resume cloud account phishing after infrastructure disruption appeared first on VPN Central.",
  "title": "Tycoon2FA operators resume cloud account phishing after infrastructure disruption"
}