A DNS Investigation of the Typhoon 2FA Phishing Kit
Phishing-as-a-service (PhaaS) and similar offerings have made cybercrime accessible to anyone willing to risk incarceration in exchange for quick-and-easy money. And the creators of Typhoon 2FA, a phishing kit said to be able to bypass two-factor authentication (2FA) on Microsoft 365 and Google accounts are taking advantage of that fact.1
A total of 103 Typhoon 2FA indicators of compromise (IoCs) have been identified to date.2 We found more possibly connected artifacts using our comprehensive DNS intelligence sources, including: