Nearly 340 websites were seized by Microsoft.
By Pragati Saha

On Tuesday, Microsoft Inc. said it had seized at least 340 websites tied to a fast-growing, Nigeria-based service that allows users to run phishing operations, which stole at least 5000 user credentials.

Earlier this month, Microsoft obtained an order from the U.S. District Court in Manhattan to seize the domains associated with Raccoon0365, a subscription service that allows users to conduct massive phishing campaigns, at times involving thousands of emails at once, according to Steven Masada, assistant general counsel of Microsoft’s Digital Crimes Unit.

Raccoon0365 offers its service via a private Telegram channel that has more than 850 subscribers. The service allows users to imitate trusted brands and get targets to enter their Microsoft login details on fake Microsoft login pages, according to a blog post by Masada on Microsoft’s website. The blog post also said that the service has produced at least $100,000 in cryptocurrency payments for its small groups since it started operating in July 2024. Microsoft said the websites were seized over a period of days earlier this month.

Microsoft identified Nigeria-based Joshua Ogundipe as the leader and main operator of Raccoon0365. Ogundipe did not respond to a request for comment sent to the email address that Microsoft listed in its court filing.

Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center, which offers cybersecurity services to the members of health organizations and is a co-plaintiff with Microsoft, stated that Raccoon0365 has been associated with successful credential theft via a phishing campaign at at least five unnamed healthcare organizations, while it targeted 25 healthcare organizations in total. Weiss also said that once hackers get access, various outcomes can take place.

The operators of Raccoon0365 used services from Cloudflare to conceal the backend infrastructure of the service, as stated in a blog post by the internet service company. Cloudflare collaborated with Microsoft and the U.S. Secret Service to interrupt Raccoon0365’s operations on its platform and stop operators from creating new accounts, according to the company.