
Major phishing operation taken down by Microsoft and Cloudflare

RaccoonO365's phishing operation, offered as a service through Telegram, has gained notoriety


In a significant move against cybercrime, Cloudflare and Microsoft have partnered to take down RaccoonO365, a phishing-as-a-service (PhaaS) kit used by criminals worldwide to steal Microsoft 365 credentials. Microsoft's Digital Crimes Unit (DCU) identified the group's leader as Joshua Ogundipe, a Nigerian national who is believed to have written most of the kit's code. The service was sold by subscription through a Telegram group: 30-day access cost $355 and 90-day access $999, and the operation is estimated to have taken in at least $100,000 in cryptocurrency. The Telegram group advertised a "100% clean" codebase with no backdoors or tracking.

The kit includes protections that block connections from 17 major security vendors, a common evasion measure intended to keep those vendors' scanners away from the phishing pages. By August 2025 it was capable of real-time data exfiltration, and the group had begun advertising an AI-powered add-on, 'RaccoonO365 AI-MailCheck'. Since December 2024, RaccoonO365 had been deploying clusters of Cloudflare Workers to obscure its attack infrastructure. Cloudflare had been mitigating individual RaccoonO365 domains as complaints came in, but partnered with Microsoft for a broader takedown.

The full takedown began on 2 September, with Cloudflare acting in coordination with Microsoft's seizure of 338 websites associated with the group. Cloudflare banned all Workers scripts linked to the group, suspended the associated user accounts, and placed phishing warning pages on the banned domains. Microsoft tracks RaccoonO365 as Storm-2246, a 'Storm' designation the company uses for emerging threat clusters that are still under development; the group has risen rapidly to prominence since June 2024. The tool is linked to the theft of at least 5,000 Microsoft credentials across 94 countries.

Simon Phillips, CTO of engineering at CybaVerse, stated that RaccoonO365 offered a ready-made package for sending thousands of phishing emails daily, lowering the barrier to entry for phishing scammers. He cautioned that attackers cut off from PhaaS tools could still turn to the dark web to purchase email addresses for AI-powered phishing campaigns of their own. Stolen credentials are especially effective against victims who reuse passwords across accounts, according to Phillips.

Microsoft stated that RaccoonO365's operators will likely attempt to rebuild their infrastructure, but that it will continue to take legal action to prevent them from resuming operations. The takedown marks a significant victory in the ongoing battle against cybercrime.
