Microsoft has dismantled the infrastructure of RaccoonO365, a financially motivated threat group that has facilitated the theft of more than 5,000 Microsoft credentials since July 2024, by seizing 338 domains tied to the operation. According to a report published by the company, RaccoonO365, also tracked as Storm-2246, has become the fastest-growing phishing tool in use by cybercriminals, with activity in 94 countries and more than 2,300 organizations in the United States targeted through tax-themed phishing campaigns.
A high-profile operation
The phishing kits sold by RaccoonO365, which bundle fraudulent emails and counterfeit Microsoft-branded websites, have hit organizations in the United States healthcare sector particularly hard. "The rapid evolution and accessibility of services like RaccoonO365 indicate that we are entering a new, alarming phase of cybercrime, where scams and threats are likely to multiply exponentially", warned Steven Masada, Assistant General Counsel at Microsoft's Digital Crimes Unit.
Microsoft, in collaboration with Cloudflare and Chainalysis, carried out the operation under a court order from the U.S. District Court for the Southern District of New York, and was able to identify and trace cryptocurrency transactions linked to the criminal organization. Joshua Ogundipe, a Nigerian national accused of leading the group, allegedly earned more than $100,000 in cryptocurrency by selling phishing kits to a community of over 850 members on Telegram. The company notes that Ogundipe has a programming background and is believed to have written much of the platform's code.
Microsoft also pointed to the shortcomings of international regulation, singling out the lack of cooperation between governments as a major obstacle in the fight against cybercrime. Despite the success of this intervention, experts expect the operators to attempt to rebuild their infrastructure, which means authorities will need to keep up a sustained effort to close the gaps in current legislation.