Microsoft shut down Nigeria-linked phishing service RaccoonO365.

Microsoft has dismantled a global phishing network known as RaccoonO365, seizing more than 300 malicious websites that cybercriminals used to steal user credentials through fake Microsoft login pages.

The company’s Digital Crimes Unit (DCU) said it obtained authorization from the U.S. District Court for the Southern District of New York to take down 338 domains associated with the scheme. The service, which operated on a subscription basis, allowed even low-skilled attackers to run large-scale credential theft campaigns using pre-packaged phishing kits.

According to Microsoft, the operation was allegedly coordinated by Joshua Ogundipe, a Nigerian computer programmer believed to have written much of the malicious code. Ogundipe and his associates were said to have developed the phishing software, managed subscription sales, and even provided technical support to other criminals who purchased the kits.

In a statement, the company explained that the phishing tools were designed to impersonate Microsoft branding and trick users into sharing sensitive information. “To deceive users, RaccoonO365’s kits use Microsoft branding to make fraudulent emails, attachments, and websites appear legitimate, enticing recipients to open, click, and enter their information,” Microsoft said.

Since July 2024, the kits have been used to steal at least 5,000 Microsoft credentials across 94 countries. Microsoft explained that while not all stolen information resulted in compromised networks or fraud due to remediation by security features, the figures highlight the scale of the threat and the persistence of social engineering tactics in cybercrime.

Investigators said the criminals behind the scheme attempted to cover their tracks by registering internet domains under false names and addresses spread across several countries. The phishing kits were primarily distributed through Telegram, where attackers could acquire tools to send thousands of emails daily, with the potential to scale operations to hundreds of millions of messages each year.

Microsoft added that the group had begun developing new tools to make attacks more effective, including a system named RaccoonO365 AI-MailCheck, which was intended to increase the reach and sophistication of phishing campaigns.

The investigation received a major boost after an operational security mistake by the attackers revealed a cryptocurrency wallet connected to their infrastructure. This slip gave Microsoft’s team a way to trace the scope of the operation and identify those behind it.
Fintter https://fintter.com