Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Joint Microsoft and Cloudflare operation disrupts phishing as a service targeting Microsoft 365 credentials

  • Microsoft and Cloudflare disrupted the RaccoonO365 phishing-as-a-service operation by seizing 338 websites linked to the group in early September 2025.
  • The takedown followed an investigation that revealed Joshua Ogundipe, a Nigerian programmer, led a criminal enterprise selling subscription-based phishing kits on Telegram to over 850 members.
  • RaccoonO365 kits sent emails with malicious links, attachments, or QR codes that redirected victims to fake Microsoft 365 login pages to harvest credentials and bypass multifactor authentication.
  • Microsoft reported that the group obtained over 5,000 credentials across 94 countries and received cryptocurrency payments totaling $100,000 or more from approximately 100 subscriptions, while cautioning that gaps in international laws may enable scammers to quickly reestablish operations.
  • Microsoft called on governments to harmonize cybercrime legislation and enhance cooperation between technology companies and law enforcement agencies to prevent cybercriminals from rapidly reestablishing phishing schemes.
Insights by Ground AI

24 Articles

Tech RadarTech Radar
Center

Joint Microsoft and Cloudflare operation disrupts phishing as a service targeting Microsoft 365 credentials

Microsoft and Cloudflare dismantle phishing network that stole thousands of Microsoft 365 credentials using fake login pages and subscription kits.

·United Kingdom
Read Full Article
Cybersecurity DiveCybersecurity Dive
Center

Microsoft disrupts global phishing campaign that led to widespread credential theft

Officials say the operation led to ransomware and BEC attacks on U.S. hospitals and healthcare organizations.

Read Full Article
BleepingComputerBleepingComputer
Center

Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service

Microsoft and Cloudflare have disrupted a massive Phishing-as-a-Service (PhaaS) operation, known as RaccoonO365, that helped cybercriminals steal thousands of Microsoft 365 credentials. [...]

Read Full Article
CyberScoopCyberScoop
Center

Microsoft seizes hundreds of phishing sites tied to massive credential theft operation

Microsoft’s Digital Crimes Unit coordinated the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that developed and sold phishing kits that have been used to steal more than 5,000 Microsoft credentials since July 2024, the company said Tuesday.  The threat group, which Microsoft tracks as Storm-2246, enabled cybercriminals to steal credentials from organizations spanning 94 countries, making it the “fastest-growin…

Read Full Article
01net01net

Thousands of Microsoft Credentials Have Been Hacked: the Counterattack Is Underway

RaccoonO365, a powerful phishing platform, has been implicated in the theft of credentials from thousands of Microsoft accounts. This subscription-based service, used by hundreds of aspiring cybercriminals, puts many Internet users at risk. With the help of Cloudflare, Microsoft has fought back.

Read Full Article
Netzpalaver | #CloudComputing #Datacenter #Cybercrime #Telekommunkation #InfrastrukturNetzpalaver | #CloudComputing #Datacenter #Cybercrime #Telekommunkation #Infrastruktur

Microsoft Seized 338 Websites to Smash the Fast-Growing Phishing Service "Raccoono365"

Microsoft's Digital Crimes Unit (DCU) has seized 338 websites connected to "RaccoonO365" by a court order of the Southern District of New York. The aim was to disrupt the service's technical infrastructure and to deprive criminals of access to victim accounts. RaccoonO365 is a phishing toolkit that steals Microsoft's 365 access data. This case shows that cybercriminals [...] Microsoft's contribution confiscated 338 sites to destroy the fast-grow…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

The Record by Recorded Future broke the news in on Tuesday, September 16, 2025.
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

Cybercrimes icon

Cybercrimes

New York City icon

New York City

News
For You
SearchBlindspotLocal