Microsoft said Tuesday it had seized nearly 340 websites tied to a Nigeria-based phishing service that harvested thousands of user credentials. The service, known as Raccoon0365, sold subscriptions via a private Telegram channel with more than 850 members.
According to Microsoft’s Digital Crimes Unit, Raccoon0365 allowed users to impersonate trusted brands and trick victims into entering credentials on fake Microsoft login pages. The operators are believed to have earned at least $100,000 in cryptocurrency since launching in July 2024.
A U.S. court granted Microsoft authority earlier this month to take down the domains, which were used in large-scale phishing campaigns, sometimes involving thousands of emails at once. The company identified Joshua Ogundipe, based in Nigeria, as the alleged ringleader.
Court filings show Raccoon0365 targeted industries worldwide, including healthcare organizations in the U.S. Security firm Cloudflare, which had hosted parts of the infrastructure, worked with Microsoft and the U.S. Secret Service to shut it down.
“Cybercriminals don’t need to be sophisticated to cause widespread harm,” Microsoft assistant general counsel Steven Masada said. “Simple tools like Raccoon0365 make cybercrime accessible to virtually anyone, putting millions of users at risk.”
