- Microsoft and CloudFlare interfere with the phishing service stealing Microsoft 365 -Slimation information
- RACCOONO365 -SET USED CAPTCHA -SKREMES AND FALSE MICROSOFT -LOGINS
- Revenue from the criminal operation that is estimated to be at least $ 100,000
In collaboration, Microsoft’s digital crime unit and Cloudflare say they have disturbed a phishing service that helped criminals steal thousands of Microsoft 365 user names and passwords.
The track of Microsoft as Storm-2246 sold RacCoono365 subscription sets that imitated official Microsoft messages and login pages.
From July 2024, these sets of criminals helped steal at least estimated 5,000 sets of credentials from victims in 94 countries.
Security of judicial decision
Microsoft identified the group’s leader as Joshua Ogundipe, based in Nigeria, and said the service was marketed on telegram with hundreds of subscribers.
Microsoft’s digital crime unit said it seized 338 sites used by the group after securing a court decision from the southern district of New York.
“This case shows that cyber criminals do not have to be sophisticated to cause widespread damage – simple tools like RacCoono365 make cyber crime available to virtually anyone, putting millions of users at risk,” the company warned.
Cloudflare said that Cloudforce One and Trust and Security Teams worked with Microsoft to run the infrastructure that supported the service.
According to Cloudflare, phishing set used a simple captcha screen and anti-bot measures to seem legitimate before redirecting the victims of fake Microsoft login pages.
Once the credentials were entered, attackers could also bypass multi-factor approval and steal session cookies.
The company disabled workers’ accounts and placed warning pages in front of malicious domains to cut off access.
The phishing service operated on a layered priced model with subscriptions to “RacCoono365 Suite” at a price of $ 355 for 30 days or $ 999 for 90 days, with payments accepted only in cryptocurrency.
Microsoft said the operation had already generated at least $ 100,000 in revenue, though the true number is likely to be higher.
Both companies described the action as part of a broader effort to interfere with phishing-as-a-service platforms.
“Our response represents a strategic shift from reactive, single-domain takeings to a proactive, large-scale disturbance,” Cloudflare said, adding, “We aim to increase the raccoon 365’s operational costs and send a clear message to other malicious actors: The free level is too expensive at criminal enterprises.”
