In a major victory against cybercrime, Microsoft has announced the successful disruption of RaccoonO365, a rapidly growing phishing-as-a-service (PhaaS) operation responsible for widespread credential theft across the globe. The company’s Digital Crimes Unit (DCU), in collaboration with Cloudflare and Chainalysis, seized 338 malicious websites used to facilitate phishing attacks targeting Microsoft 365 users.
What Is RaccoonO365?
RaccoonO365, tracked by Microsoft as Storm-2246, is a subscription-based phishing kit that allowed cybercriminals, even those with minimal technical skills, to impersonate Microsoft communications and steal login credentials. These kits mimicked official Microsoft branding in emails, attachments, and websites, tricking users into entering sensitive information.
Since its emergence in July 2024, RaccoonO365 has been linked to the theft of at least 5,000 Microsoft credentials across 94 countries. The service was marketed and sold via Telegram, boasting a community of over 850 members and generating more than $100,000 in cryptocurrency payments.
The Man Behind the Malware
Microsoft identified Joshua Ogundipe, a Nigeria-based programmer, as the mastermind behind RaccoonO365. Ogundipe is believed to have authored most of the code and managed the operation with a team that provided customer support and technical upgrades. Investigators traced cryptocurrency transactions to Ogundipe using blockchain analysis tools, leading to a criminal referral to international law enforcement.
Evolving Threats and AI Integration
RaccoonO365’s operators recently began advertising AI-powered services, such as AI-MailCheck, designed to enhance the scale and sophistication of phishing campaigns. The kits also included advanced evasion techniques: bypassing multi-factor authentication (MFA), filtering user agents, and dynamically routing traffic to avoid detection.
Microsoft’s Call to Action
This takedown highlights the growing accessibility and scalability of cybercrime. Microsoft emphasized the need for international cooperation to close legal loopholes and streamline cross-border prosecutions. The company also urged organizations to strengthen their defenses by enabling MFA, using anti-phishing tools, and educating users about evolving threats.
Final Thoughts
The disruption of RaccoonO365 is a powerful example of what can be achieved through collaboration between tech companies, cybersecurity firms, and global law enforcement. But as Microsoft warns, cybercriminals are likely to rebuild. Vigilance, innovation, and cooperation remain essential in the fight against digital threats.