Microsoft and Cloudflare have dealt a significant blow to the RaccoonO365 phishing network, a toolkit used to steal Microsoft 365 credentials. On September 8, U.S. government officials seized 338 domains tied to the phishing-as-a-service (PhaaS) operation, disrupting a criminal enterprise that has preyed on organizations around the globe.
Tools like this are marketed mostly to criminal cyber actors and sold on a subscription model. The chief conspirator in this scheme, Nigerian national Joshua Ogundipe, is still at large, as are four of his co-conspirators. Since its release in September 2024, RaccoonO365 has targeted over 2,300 organizations throughout the United States, including at least 20 distinct healthcare organizations.
The Mechanics of RaccoonO365
RaccoonO365 lures victims by spoofing trusted brands such as Microsoft, DocuSign, SharePoint, Adobe, and Maersk, using deceptive emails as the vehicle for its scams. The toolkit has been used to steal more than 5,000 Microsoft 365 credentials, applying these methods systematically against academics in 94 countries since July 2024.
RaccoonO365 offers subscriptions ranging from $355 for a 30-day plan to $999 for a 90-day plan. According to reports, the network has sold between 100 and 200 subscriptions, earning around $100,000 in cryptocurrency payments.
“Using a court order granted by the Southern District of New York, the DCU seized 338 websites associated with the popular service, disrupting the operation’s technical infrastructure and cutting off criminals’ access to victims,” – Steven Masada
While the approach itself may be sophisticated, the service is a cybercriminal’s dream: even those without deep technical chops can get involved in the cyber underworld with RaccoonO365.
Collaborative Efforts Against Cybercrime
Microsoft’s partnership with Cloudflare is a significant strategic pivot in the fight against cyber threats. The recent actions against RaccoonO365 illustrate a focus on proactive disruption instead of reacting only after specific cases come to light.
“The response represents a strategic shift from reactive, single-domain takedowns to a proactive, large-scale disruption aimed at dismantling the actor’s operational infrastructure on our platform,” – Cloudflare
This partnership is an important reminder that we should all be more vigilant when it comes to cybersecurity. This attack on RaccoonO365 is a sign of much greater efforts to disrupt organized cybercriminal networks. These criminal networks present a significant danger to our companies and to our communities.
Impact on Organizations and Future Risks
The aftermath of RaccoonO365’s operations has understandably sent shockwaves across organizations globally. With over 2,300 targets in the U.S. alone, the reach and impact of its phishing campaigns are sobering. Healthcare entities have been particularly vulnerable given their reliance on sensitive data and technology.
Experts warn that the ease and simplicity offered by tools such as RaccoonO365 have democratized cybercrime, making it accessible to almost anyone with malicious intent.
“This case shows that cybercriminals don’t need to be sophisticated to cause widespread harm – simple tools like RaccoonO365 make cybercrime accessible to virtually anyone, putting millions of users at risk,” – Steven Masada
As cyber risks develop at an alarming rate, organizations need proactive, multilayered security in place and ongoing awareness in the fight against phishing. Awareness training and improved email filtering systems are essential components in mitigating the risks associated with these types of cyber attacks.
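One concrete filtering check that follows from the brand-spoofing lures described above: flag messages whose From or Reply-To display name invokes one of the brands the article names while the actual sender domain is not one that brand uses. This is an added illustration, not code from the article, Microsoft, or Cloudflare; the legitimate-domain lists and the sample message are constructed assumptions.

```python
import email
from email.utils import parseaddr

# Added example (not from the article). The domain lists are illustrative
# assumptions, not an authoritative inventory of each brand's sending domains.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "docusign": {"docusign.com", "docusign.net"},
    "sharepoint": {"sharepoint.com", "microsoft.com"},
    "adobe": {"adobe.com", "adobesign.com"},
    "maersk": {"maersk.com"},
}

def sender_domain(addr: str) -> str:
    """Return the lower-cased domain of an RFC 5322 address, or '' if absent."""
    _, address = parseaddr(addr)
    return address.rpartition("@")[2].lower()

def domain_matches(domain: str, allowed: set) -> bool:
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def impersonated_brands(raw_message: str) -> list:
    """Return (header, brand, domain) for display names that claim a brand
    the sending domain does not belong to."""
    msg = email.message_from_string(raw_message)
    findings = []
    for header in ("From", "Reply-To"):
        value = msg.get(header)
        if not value:
            continue
        display, _ = parseaddr(value)
        domain = sender_domain(value)
        for brand, allowed in BRAND_DOMAINS.items():
            if brand in display.lower() and not domain_matches(domain, allowed):
                findings.append((header, brand, domain))
    return findings

# Constructed sample: the display name claims Microsoft, the domain is unrelated.
SAMPLE = (
    "From: Microsoft 365 Security <alerts@example-notify.net>\n"
    "To: user@example.org\n"
    "Subject: Action required: verify your account\n"
    "\n"
    "Your mailbox will be suspended unless you sign in now.\n"
)
```

A mismatch here is a signal for triage rather than proof of phishing, since legitimate third-party senders also mention brand names; it belongs alongside SPF/DKIM/DMARC results, not in place of them.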