Microsoft has shut down 338 websites linked to a Nigerian-led phishing empire, RaccoonO365, in a global operation that exposed how simple subscription kits are fuelling a new wave of cybercrime.
The company’s Digital Crimes Unit (DCU), working with Cloudflare and the US Secret Service, announced yesterday that it had secured a court order from the Southern District of New York to seize the domains.
Steven Masada, Assistant General Counsel at Microsoft’s DCU, said the swoop dismantles the technical backbone of RaccoonO365. He revealed that the notorious phishing-as-a-service network enabled even low-skilled actors to steal Microsoft 365 login details by impersonating official communications.
“Cybercriminals don’t need to be sophisticated to cause widespread harm. Simple tools like RaccoonO365 make cybercrime accessible to virtually anyone, putting millions of users at risk,” Masada said in a blog post on Microsoft’s website.
The head of Microsoft DCU identified Nigerian national Joshua Ogundipe as the leader of one of the fastest-growing cybercrime services in the world. Since launching in July 2024, RaccoonO365 has stolen at least 5 000 Microsoft credentials from 94 countries, generating over $100 000 in cryptocurrency. Masada highlighted that its private Telegram channel had more than 850 subscribers, offering tiered subscriptions where customers could target up to 9 000 email addresses daily.
The fallout has been global and particularly alarming for critical sectors. Between February 12 and 28 this year, RaccoonO365 was used in a tax-themed phishing campaign targeting more than 2 300 organisations, including at least 20 US healthcare providers.
“So many of the attacks start because somebody gave up their username and password. Once that access is gained, the possibilities for damage are endless,” said Errol Weiss, Chief Security Officer at Health-ISAC, Microsoft’s partner in the lawsuit.
Cloudflare, which RaccoonO365 exploited to mask its infrastructure, also moved to disrupt operations. “They are in people’s accounts, they compromise lots of people, and it needs to obviously be stopped,” Blake Darché, Cloudflare’s head of threat intelligence, told Reuters.
Masada warned that for Nigeria, the takedown puts a sharp spotlight on both the promise and peril of its digital rise. As Africa’s largest economy races ahead in fintech and cloud adoption, its association with one of the world’s fastest-growing cybercrime rings raises urgent questions about cyber governance and reputation. “We are entering a troubling new phase of cybercrime where scams and threats are likely to multiply exponentially,” he said.
For more on this story, read Microsoft’s full blog post by Steven Masada and Cloudflare’s statement: https://blog.cloudflare.com/cloudflare-participates-in-global-operation-to-disrupt-raccoono365/
