Microsoft Shuts Down Nigerian-Led RaccoonO365 Phishing Network, Seizes 338 Fake Domains

Microsoft’s Digital Crimes Unit (DCU) has successfully dismantled a major phishing network led by a Nigerian individual, seizing 338 fake websites designed to mimic Microsoft login pages and steal user credentials. The operation, known as RaccoonO365, targeted thousands of users worldwide and offered subscription-based phishing kits, allowing even low-skilled cybercriminals to launch large-scale attacks.

The mastermind behind the network, identified as Joshua Ogundipe, allegedly developed the phishing software, sold subscription access, and provided technical support to other criminals. According to Microsoft, Ogundipe and his associates each played specialized roles within the criminal enterprise, including code development, subscription sales, and cybercrime customer support.

To avoid detection, the group registered domains using fake identities and addresses across multiple cities and countries. Microsoft’s investigation revealed that Ogundipe, a trained programmer, authored most of the phishing code and oversaw the network’s rapid expansion. The phishing kits were primarily distributed through Telegram, enabling attackers to impersonate Microsoft emails and send millions of phishing messages annually.

Microsoft credited part of its success in shutting down RaccoonO365 to an operational security mistake by the attackers. The error exposed a cryptocurrency wallet linked to their infrastructure, helping investigators trace and map the entire network. This breakthrough allowed the DCU to seize control of the domains through a U.S. court order from the Southern District of New York.

The RaccoonO365 network had continued to evolve, developing more sophisticated tools like RaccoonO365 AI-MailCheck, designed to scale attacks and evade detection. Microsoft emphasized that while these networks are increasingly complex, coordinated efforts between tech companies and law enforcement can effectively disrupt cybercrime operations and protect users worldwide.

source: business day
