Overview
- Acting under a Southern District of New York order, Microsoft’s Digital Crimes Unit coordinated the seizure of 338 domains and Cloudflare dismantled related Workers and accounts to cut off access to victims.
- Microsoft identified Nigeria-based Joshua Ogundipe as the alleged leader, filed a lawsuit with Health-ISAC, obtained a restraining order, and sent a criminal referral to international law enforcement.
- RaccoonO365 sold subscription kits on a private Telegram channel of about 850 members, took in at least $100,000 in cryptocurrency, and offered tiers reportedly priced from $355 to $999.
- The kits supported up to 9,000 targets per day and captured session cookies to bypass multifactor authentication, contributing to the theft of at least 5,000 Microsoft 365 credentials across 94 countries.
- Campaigns included a tax-themed run hitting more than 2,300 U.S. organizations and activity against at least 20 U.S. healthcare entities, while operators have signaled plans to rebuild after the takedown.