Microsoft has taken down nearly 340 websites tied to Raccoon0365, a fast-growing Nigeria-based phishing service that helped cybercriminals steal at least 5,000 Microsoft user credentials.
The company obtained a court order from the U.S. District Court in Manhattan earlier this month to seize the domains. According to Steven Masada, assistant general counsel at Microsoft’s Digital Crimes Unit, Raccoon0365 operated as a subscription service through a private Telegram channel with over 850 subscribers. It allowed users to impersonate trusted brands and trick victims into entering credentials on fake Microsoft login pages.
Launched in July 2024, the service generated at least $100,000 in cryptocurrency for its operators. Microsoft identified Joshua Ogundipe, based in Nigeria, as the leader of the operation.
Raccoon0365 campaigns targeted industries worldwide, with a heavy focus on New York–based organizations. Court filings show one campaign sent tax-themed phishing emails to over 2,300 organizations in just two weeks this February. The group has also been linked to breaches at multiple healthcare organizations.
Cloudflare, which provided infrastructure used by Raccoon0365, worked with Microsoft and the U.S. Secret Service to block the service and prevent new accounts from being created.
“Cybercriminals don’t need to be sophisticated to cause widespread harm,” Masada said. “Simple tools like Raccoon0365 make cybercrime accessible to virtually anyone, putting millions of users at risk.”





