By Muhammad Sal
Microsoft’s Digital Crimes Unit (DCU) has successfully dismantled RaccoonO365, a Nigeria-based phishing operation, by seizing 338 websites used to steal thousands of Microsoft 365 credentials worldwide.
The crackdown focused on a prolific cybercriminal platform known for selling phishing toolkits designed to mimic official Microsoft communications, including emails and login pages. Marketed on Telegram to over 850 users, this subscription-based service allowed criminals with minimal technical skills to launch credential-harvesting campaigns at an alarming scale. Since July 2024, the kits have facilitated the theft of more than 5,000 Microsoft user credentials.
At the center of this operation is Joshua Ogundipe, a Nigerian programmer identified by Microsoft as the mastermind behind RaccoonO365’s technical framework and business model. Microsoft revealed that he and associates took specialized roles in code development, subscription sales, and support services for the criminal clientele, generating at least $100,000 in cryptocurrency payments. They employed deceptive tactics like registering internet domains with fake identities and addresses spanning multiple countries to evade detection.
The compromised kits have been linked to damaging campaigns targeting critical sectors, including a tax-themed offensive against over 2,300 U.S. organizations and at least 20 American healthcare institutions. Experts warn these phishing operations pave the way for severe disruptions such as ransomware attacks, exposing sensitive patient data and compromising public safety.
Microsoft’s collaboration with Cloudflare and Chainalysis facilitated the takedown, suspending malicious domains, disabling scripts, and revealing key cryptocurrency wallets aiding attribution. The swift legal and technical intervention against RaccoonO365 shows the importance of joint international cooperation to curtail cybercrime.
We’d love your thoughts on this article! Was the information relevant to you?
