{"id":47860,"date":"2026-05-20T14:42:34","date_gmt":"2026-05-20T07:42:34","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47860"},"modified":"2026-05-20T14:42:34","modified_gmt":"2026-05-20T07:42:34","slug":"tycoon2fa-chiem-doat-tai-khoan-microsoft-365-thong-qua-tan-cong-phishing","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/tycoon2fa-chiem-doat-tai-khoan-microsoft-365-thong-qua-tan-cong-phishing\/","title":{"rendered":"Tycoon2FA hijacks Microsoft 365 accounts through phishing attacks"},"content":{"rendered":"<div class=\"d-flex flex-wrap\">\n<div class=\"h6 text-dark\"><i class=\"fas fa-user-edit\"><\/i>\u00a0<a href=\"https:\/\/antoanthongtin.vn\/bai-viet?AuthorIds=H%E1%BB%93ng%20%C4%90%E1%BA%A1t\">H\u1ed3ng \u0110\u1ea1t<\/a><\/div>\n<\/div>\n<p class=\"mt-3 excerpt\">The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts.<\/p>\n<article id=\"content\" class=\"content gradient\"><img decoding=\"async\" src=\"https:\/\/dulieu.antoanthongtin.gov.vn\/tapchiantoanthongtin\/d2d2d4c5-cb6f-4e24-b727-dcb44e39b93e\/Tycoon.png\" \/><\/p>\n<p>Although an international law enforcement operation dismantled the Tycoon2FA phishing platform in March of this year, the malicious operation was rebuilt on new infrastructure and quickly returned to normal activity.<\/p>\n<p>In early May 2026, cybersecurity company Abnormal 
Security confirmed that Tycoon2FA had surfaced and had even added new encoding layers to strengthen its resistance to new disruption efforts.<\/p>\n<p>Earlier, Tycoon2FA was observed in a campaign abusing the OAuth 2.0 device authorization grant flow to compromise Microsoft 365 accounts, showing that the hackers are continuing to develop the kit.<\/p>\n<p>Device-code\u00a0<a href=\"https:\/\/antoanthongtin.vn\/tin\/signal-bo-sung-canh-bao-bao-mat-doi-voi-tan-cong-ky-nghe-xa-hoi-va-phishing\">phishing<\/a>\u00a0is a type of attack in which the threat actor sends a device authentication request to the target's service provider and forwards the generated code to the victim, tricking them into entering that code on the service's legitimate login page.<\/p>\n<p>This allows the attacker to register a rogue device with the victim's\u00a0<a href=\"https:\/\/antoanthongtin.vn\/tin\/khac-phuc-cac-lo-hong-bao-mat-nghiem-trong-tren-microsoft-365\">Microsoft 365<\/a>\u00a0account, giving them unrestricted access to the victim's data and services, including email, calendar 
and cloud file storage.<\/p>\n<p>Recently, Push Security warned that this type of attack has increased 37-fold this year, supported by at least 10 phishing-as-a-service (PhaaS) platforms and various private kits. A more recent report from Proofpoint also noted a similar rise in the use of this tactic.<\/p>\n<p>According to new research from security company eSentire, the attack begins when the victim clicks a Trustifi click-tracking URL in a\u00a0<a href=\"https:\/\/antoanthongtin.vn\/tin\/chien-dich-phat-tan-email-lua-dao-lastpass-nham-danh-cap-du-lieu-nguoi-dung\">phishing email<\/a>\u00a0and ends with the victim unknowingly granting OAuth tokens to an attacker-controlled device through Microsoft's legitimate device login flow at microsoft.com\/devicelogin.<\/p>\n<p>Connecting those two endpoints is a four-layer in-browser delivery chain in which Tycoon's two-factor authentication (<a href=\"https:\/\/antoanthongtin.vn\/tin\/ky-thuat-tan-cong-pixnapping-moi-tren-android-co-the-danh-cap-ma-2fa-theo-tung-pixel\">2FA<\/a>) technique is almost unchanged from the credential-relay variant that TRU 
documented in April 2025, as well as the variant after the takedown in April 2026.<\/p>\n<p>Trustifi is a legitimate email security platform that provides a range of tools integrating with various email services, including those of Microsoft and Google. However, eSentire does not know how the attackers were able to use Trustifi.<\/p>\n<p>According to the researchers, the attack uses an invoice-themed phishing email containing a Trustifi tracking URL, which redirects through Trustifi, Cloudflare Workers and several layers of encoded JavaScript, taking the victim to a fake Microsoft\u00a0<a href=\"https:\/\/antoanthongtin.vn\/tin\/giai-ma-ky-thuat-phan-phoi-captcha-gia-mao-cua-ma-doc-lumma-stealer\">CAPTCHA<\/a>\u00a0page.<\/p>\n<p>The phishing page retrieves a Microsoft OAuth device code from the attacker's server and instructs the victim to copy and paste it into \u201cmicrosoft.com\/devicelogin\u201d, after which the victim completes multi-factor authentication (MFA) on their side.<\/p>\n<p>After this step, Microsoft issues OAuth access and refresh tokens to the attacker-controlled device.<\/p>\n<p><img decoding=\"async\" 
src=\"https:\/\/dulieu.antoanthongtin.gov.vn\/tapchiantoanthongtin\/298e8fca-ad88-4228-92b4-be9bb55401d0\/From-Tokens-to-Tickets-image4.jpg\" \/><\/p>\n<p style=\"text-align: center;\"><em>Tycoon2FA attack flow<\/em><\/p>\n<p>The Tycoon2FA phishing kit includes comprehensive protection against static analysis and automated scanning: it detects Selenium, Puppeteer, Playwright and Burp Suite, blocks security vendors, VPNs, sandboxes, AI crawlers and cloud service providers, and uses debugger timing traps.<\/p>\n<p>According to eSentire, requests from devices that indicate they are in an analysis environment are automatically redirected to a legitimate Microsoft page. 
The researchers found that the kit's blocklist currently contains 230 vendor names and is continuously updated.<\/p>\n<p>eSentire recommends disabling the OAuth token flow when it is not needed, restricting OAuth consent permissions, requiring administrator approval for third-party applications, enabling Continuous Access Evaluation (CAE) and enforcing compliant-device access policies.<\/p>\n<p>In addition, the researchers recommend monitoring Entra logs for deviceCode authentication, use of the Microsoft Authentication Broker and Node.js user agents. eSentire has published a set of indicators of compromise (IoCs) for the latest Tycoon2FA attacks to help administrators protect their environments.<\/p>\n<\/article>\n","protected":false},"excerpt":{"rendered":"<p>\u00a0H\u1ed3ng \u0110\u1ea1t The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. 
Although an international law enforcement operation dismantled the phishing platform [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":47861,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,24,35],"tags":[],"class_list":["post-47860","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47860"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47860\/revisions"}],"predecessor-version":[{"id":47862,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47860\/revisions\/47862"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47861"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=47860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","tem
plated":true}]}}