Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Joint Microsoft and Cloudflare operation disrupts phishing as a service targeting Microsoft 365 credentials

  • Microsoft and Cloudflare disrupted the RaccoonO365 phishing-as-a-service operation by seizing 338 websites linked to the group in early September 2025.
  • The takedown followed an investigation that revealed Joshua Ogundipe, a Nigerian programmer, led a criminal enterprise selling subscription-based phishing kits on Telegram to over 850 members.
  • RaccoonO365 kits sent emails with malicious links, attachments, or QR codes that redirected victims to fake Microsoft 365 login pages to harvest credentials and bypass multifactor authentication.
  • Microsoft reported that the group obtained over 5,000 credentials across 94 countries and received cryptocurrency payments totaling $100,000 or more from approximately 100 subscriptions, while cautioning that gaps in international laws may enable scammers to quickly reestablish operations.
  • Microsoft called on governments to harmonize cybercrime legislation and enhance cooperation between technology companies and law enforcement agencies to prevent cybercriminals from rapidly reestablishing phishing schemes.
Insights by Ground AI

18 Articles

Tech RadarTech Radar
Center

Joint Microsoft and Cloudflare operation disrupts phishing as a service targeting Microsoft 365 credentials

Microsoft and Cloudflare dismantle phishing network that stole thousands of Microsoft 365 credentials using fake login pages and subscription kits.

·United Kingdom
Read Full Article
Cybersecurity DiveCybersecurity Dive
Center

Microsoft disrupts global phishing campaign that led to widespread credential theft

Officials say the operation led to ransomware and BEC attacks on U.S. hospitals and healthcare organizations.

Read Full Article
BleepingComputerBleepingComputer
Center

Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service

Microsoft and Cloudflare have disrupted a massive Phishing-as-a-Service (PhaaS) operation, known as RaccoonO365, that helped cybercriminals steal thousands of Microsoft 365 credentials. [...]

Read Full Article
CyberScoopCyberScoop
Center

Microsoft seizes hundreds of phishing sites tied to massive credential theft operation

Microsoft’s Digital Crimes Unit coordinated the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that developed and sold phishing kits that have been used to steal more than 5,000 Microsoft credentials since July 2024, the company said Tuesday.  The threat group, which Microsoft tracks as Storm-2246, enabled cybercriminals to steal credentials from organizations spanning 94 countries, making it the “fastest-growin…

Read Full Article
Malware Analysis, News and IndicatorsMalware Analysis, News and Indicators

Microsoft, Cloudflare coordinate takedown of RaccoonO365 phishing infrastructure

More than 300 websites were seized by Microsoft’s Digital Crimes Unit following a court order. Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS…

Read Full Article
technewstube.comtechnewstube.com
Reposted by
World NEWS LiveWorld NEWS Live

Microsoft and Cloudflare jointly take down phishing network that stole thousands of Microsoft 365 credentials

Microsoft and Cloudflare dismantle phishing network that stole thousands of Microsoft 365 credentials using fake login pages and subscription kits.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

The Record by Recorded Future broke the news in on Tuesday, September 16, 2025.
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

Cryptocurrency icon

Cryptocurrency

Nigeria icon

Nigeria

News
For You
SearchBlindspotLocal