
Microsoft Phishing Websites Seized in Nigerian Operation


Microsoft has seized approximately 340 websites linked to a Nigeria-based phishing operation that has stolen at least 5,000 Microsoft user credentials. The operation, known as Raccoon0365, offered a subscription service that enabled large-scale phishing campaigns. Managed through a private Telegram channel with over 850 subscribers, the service allowed users to impersonate trusted brands and lure victims into entering their Microsoft login details on counterfeit login pages.

The website seizure was made possible by an order from the U.S. District Court in Manhattan, which Microsoft obtained earlier this month. The company’s Digital Crimes Unit, led by Assistant General Counsel Steven Masada, has been investigating the operation and working to dismantle its infrastructure. Masada noted that since its launch in July 2024, the service has generated at least $100,000 in cryptocurrency payments for its operators.

Raccoon0365’s phishing campaigns have targeted a wide range of industries, with a significant focus on organizations based in New York City. Microsoft identified several Raccoon0365‑related attacks, including a tax‑themed campaign that affected more than 2,300 U.S. organizations between February 12 and 28. The company also collaborated with security partners such as Cloudflare to seize and take down malicious infrastructure tied to the operation.

The impact of Raccoon0365 extends to the healthcare sector, where at least five unnamed healthcare organizations fell victim to credential harvesting. Errol Weiss, chief security officer of the Health Information Sharing & Analysis Center (Health‑ISAC), reported that a total of 25 health‑sector organizations were targeted.

Microsoft’s efforts to dismantle Raccoon0365’s infrastructure are ongoing, and the company plans to pursue additional legal actions to prevent the operation from rebuilding. The seizure of the websites represents a significant blow to the phishing network and underscores the need for vigilance against cyber threats. As Masada warned, “Cybercriminals don’t need to be sophisticated to cause widespread harm,” and simple tools like Raccoon0365 can endanger millions of users.

Ifunanya

Unearthing the truth, one story at a time! Catch my reports on everything from politics to pop culture for Media Talk Africa. #StayInformed #MediaTalkAfrica
