Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform

Published:

19 december 2025 om 19:05:32

Alert date:

19 december 2025 om 20:02:36

Source:

bleepingcomputer.com

Identity & Access, Email & Messaging, Enterprise Applications

Nigerian police arrested three individuals connected to the Raccoon0365 phishing-as-a-service platform that targeted Microsoft 365 users. The arrests are part of a crackdown on cybercriminals using phishing-as-a-service platforms to conduct targeted attacks against Microsoft 365 accounts. Raccoon0365 was a commercial phishing platform that enabled cybercriminals to easily launch sophisticated phishing campaigns. The arrests demonstrate international law enforcement cooperation in combating cybercrime operations. This represents a significant disruption to a major phishing-as-a-service operation targeting enterprise users.

Technical details

Raccoon0365 is a phishing-as-a-service platform that automated the creation of fake Microsoft login pages for credential theft. The service operated via a Telegram channel with over 800 members, selling phishing kits for $355/month to $999/3 months in exchange for cryptocurrency. The platform hosted phishing pages on Cloudflare using accounts registered with compromised credentials and was responsible for at least 5,000 Microsoft 365 account compromises across 94 countries.

Mitigation steps:

Organizations should implement multi-factor authentication for Microsoft 365 accounts, conduct user awareness training about phishing attacks, monitor for suspicious login activities, and verify the authenticity of Microsoft login pages before entering credentials.

Affected products:

Microsoft 365