Nigerian Authorities Crack Down on Microsoft 365 Phishing Scam ‘Raccoon0365’

Nigeria Arrests Developers of Microsoft 365 ‘Raccoon0365’ Phishing Platform

The Nigerian law enforcement recently apprehended three individuals associated with targeted cyberattacks on Microsoft 365 using the Raccoon0365 phishing platform.

These sophisticated attacks resulted in business email compromise, data breaches, and financial losses impacting organizations globally.

Thanks to actionable intelligence provided by Microsoft to the Nigeria Police Force National Cybercrime Centre (NPF–NCCC) through the FBI, the authorities were able to conduct a successful operation.

An investigation revealed that the arrested individuals were involved in managing the Raccoon0365 phishing toolkit, which automated the creation of counterfeit Microsoft login pages to steal credentials.

This service was responsible for compromising at least 5,000 Microsoft 365 accounts in 94 countries before being disrupted by Microsoft and Cloudflare last September.

Although the impact of the disruption on identifying the perpetrators in Nigeria remains uncertain, the authorities continue to investigate.

Microsoft was contacted for further details, but they were not immediately available for comment.

The police confirmed that one of the suspects, Okitipi Samuel, also known as “RaccoonO365” and “Moses Felix,” is believed to be the mastermind behind the phishing platform.

Samuel operated a Telegram channel where he sold phishing kits to other cybercriminals in exchange for cryptocurrency and hosted phishing pages on Cloudflare using compromised credentials.

The Telegram channel had over 800 members, with reported access fees ranging from $355/month to $999/3 months.

Cloudflare analysis suggests that the service was predominantly utilized by cybercriminals based in Russia.

While the other two individuals arrested have not been linked to the Raccoon0365 operation, the police continue their investigation.

Notably, Joshua Ogundipe, previously identified by Microsoft as the leader of the phishing service, was not mentioned in the police’s announcement.

Enhance your business security with effective Identity and Access Management strategies. Download our comprehensive guide now!

Discover why traditional IAM practices fall short in today’s cybersecurity landscape, explore best practices, and access a practical checklist for implementing a scalable IAM strategy.

Get the guide