Ethical Hacking News
Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service, a malicious cybercrime operation that has been causing significant harm to individuals and organizations worldwide. With its subscription-based access to pre-built phishing templates, hosting, and support, RaccoonO365 was able to steal thousands of Microsoft 365 credentials in 94 countries. The joint operation by Microsoft's Digital Crimes Unit and Cloudflare successfully disrupted the technical infrastructure of the operation, cutting off the criminal actors' access to victims and severely limiting their ability to carry out future attacks.
Microsoft and Cloudflare joined forces to dismantle RaccoonO365 phishing service. The joint operation disrupted the technical infrastructure of the service, cutting off access to victims and limiting future attacks. The RaccoonO365 phishing service was a subscription-based tool allowing users to create convincing phishing emails for $355-$999. Over 100-200 subscribers generated an estimated $100,000 in cryptocurrency revenue annually. Micrsoft's Digital Crimes Unit seized 338 websites associated with the operation and Cloudflare executed a coordinated takedown of hundreds of domains and Worker accounts. The operation was linked to at least 2,300 U.S. organizations and 20 healthcare providers, compromising sensitive data and causing significant financial losses.
Microsoft and Cloudflare have joined forces to dismantle the RaccoonO365 phishing service, a malicious cybercrime operation that has been causing significant harm to individuals and organizations worldwide. The joint operation, conducted by Microsoft's Digital Crimes Unit and Cloudflare, successfully disrupted the technical infrastructure of the RaccoonO365 phishing service, cutting off the criminal actors' access to victims and severely limiting their ability to carry out future attacks.
The RaccoonO365 phishing service was a sophisticated cybercrime tool that allowed users to purchase a subscription-based access to pre-built phishing templates, hosting, and support. For a mere $355 to $999, individuals could create convincing phishing emails that could steal thousands of Microsoft 365 credentials in as little as 94 countries. The operation was not only used for stealing user credentials but also for conducting tax scams against unsuspecting victims, compromising sensitive data and causing significant financial losses.
According to reports, the RaccoonO365 phishing service had gained a substantial following among cybercriminals, with an estimated 100-200 subscribers. This level of demand led to over $100,000 in cryptocurrency revenue being generated by the operation each year. However, thanks to the collaborative efforts of Microsoft and Cloudflare, this financial windfall was abruptly cut off.
As part of their joint operation, Microsoft's Digital Crimes Unit seized 338 websites associated with the RaccoonO365 phishing service using a court order granted by the Southern District of New York. This bold move effectively disrupted the technical infrastructure of the operation, cutting off the criminal actors' access to victims and severely limiting their ability to carry out future attacks.
Cloudflare also played a crucial role in the joint operation, executing a coordinated takedown of hundreds of domains and Worker accounts associated with the RaccoonO365 phishing service. This action effectively dismantled the infrastructure on Cloudflare's network, rendering it inaccessible to the criminal actors.
According to Pierluigi Paganini, the author of the original article, "In early September 2025, in a strategic effort to prevent this phishing abuse on our services, Cloudflare executed a coordinated takedown of hundreds of domains and Worker accounts associated with the actor, effectively dismantling their infrastructure on our network." This statement highlights the importance of cooperation between major technology companies like Cloudflare and law enforcement agencies like Microsoft's Digital Crimes Unit.
The RaccoonO365 phishing service was also linked to an individual named Joshua Ogundipe, a Nigerian national who was identified as the leader of the operation. Ogundipe was a skilled programmer who wrote most of the code for the phishing tool, managed sales, and provided support to other users. His group used fake domains to evade detection but ultimately fell victim to their own scheme when a leaked crypto wallet exposed their operations.
The impact of the RaccoonO365 phishing service cannot be overstated. With an estimated 5,000 Microsoft 365 credentials stolen in 94 countries alone, this operation posed a significant threat to individual and organizational security worldwide. The operation was also linked to tax scams against at least 2,300 U.S. organizations and 20 healthcare providers, compromising sensitive data and causing significant financial losses.
In the aftermath of the joint operation by Microsoft and Cloudflare, authorities have taken steps to refer Joshua Ogundipe to law enforcement, bringing an end to this sophisticated cybercrime operation.
Related Information:
https://www.ethicalhackingnews.com/articles/Microsoft-and-Cloudflare-Jointly-Disrupt-RaccoonO365-Phishing-Service-Foiling-Cybercrime-Operation-ehn.shtml
https://securityaffairs.com/182294/cyber-crime/microsoft-and-cloudflare-teamed-up-to-dismantle-the-raccoono365-phishing-service.html
Published: Wed Sep 17 18:30:33 2025 by llama3.2 3B Q4_K_M
