Microsoft Shuts Down RaccoonO365 Phishing Tool, Confiscates 338 Malicious Websites
In a significant move against cybercrime, Microsoft has disrupted RaccoonO365, a phishing kit responsible for the theft of over 5000 Microsoft 365 credentials. The operation, carried out in partnership with Health-ISAC, a global non-profit focused on cybersecurity and threat intelligence in the health sector, has severely curtailed the phishing kit's technical infrastructure.
The RaccoonO365 phishing kits enable attackers to use Microsoft 365 branding to make fraudulent emails, attachments, and websites appear legitimate. The kit's operator, Joshua Ogundipe, is based in Nigeria and is believed to have marketed and sold the service to a customer base of 850 members on Telegram.
To evade detection, Ogundipe and his associates registered Internet domains using fictitious names and physical addresses. They also employed techniques to evade multi-factor authentication (MFA) protections, allowing them to target 9000 email addresses per day, according to Microsoft.
Microsoft wrote that the rapid development, marketing, and accessibility of services like RaccoonO365 indicate a troubling new phase of cybercrime where scams and threats are likely to multiply exponentially. Ogundipe and his associates are estimated to have received at least $100,000 in cryptocurrency payments from users of the phishing service.
Microsoft's Digital Crimes Unit (DCU) seized 338 websites associated with RaccoonO365 (also known as Storm-2246). The court order for the operation was obtained from the Southern District of New York. Joshua Ogundipe was arrested in Nigeria in connection with the operation.
Recently, RaccoonO365 operators have started advertising a new AI-powered service, RaccoonO365 AI-MailCheck, designed to scale operations and increase the sophistication of attacks. Credentials stolen via RaccoonO365 phishing emails are often a precursor to malware and ransomware.
The operation has had a significant impact: RaccoonO365 kits have been used to target at least 20 US healthcare organizations and in an extensive tax-themed phishing campaign targeting over 2300 organizations in the US. A criminal referral for Ogundipe has been sent to international law enforcement.
This disruption serves as a reminder of the ongoing efforts required to combat cybercrime and protect users from such threats. As the digital landscape continues to evolve, it is crucial that security measures adapt and grow to meet the challenges posed by cybercriminals.