Microsoft has dismantled an international phishing network called RaccoonO365. The software giant seized over 300 harmful websites that cybercriminals use to obtain user credentials through counterfeit Microsoft login pages.
The company’s Digital Crimes Unit (DCU) announced that it received approval from the U.S. District Court for the Southern District of New York to shut down 338 domains linked to the network. The network's sophisticated phishing kits let even low-skilled actors conduct extensive credential theft operations.
Microsoft claims that the operation was organised by Joshua Ogundipe, a Nigerian software developer. He is thought to have authored much of the malicious code. Ogundipe and his colleagues reportedly created the phishing software. Together, they handled subscription sales and offered technical assistance to other criminals who bought the kits.
Also, the firm clarified that the phishing tools were created to mimic Microsoft branding and deceive users into disclosing sensitive information.
“RaccoonO365’s kits use Microsoft branding to create fake emails, attachments, and websites that seem authentic. In doing so, they lure users into opening, clicking, and submitting their information,” Microsoft stated.
RaccoonO365 On a Rampage
As of July 2024, kits from RaccoonO365 have facilitated the theft of over 5,000 Microsoft credentials in 94 countries. Microsoft clarified, however, that not every instance of stolen data led to compromised networks or fraud, thanks to security measures in place. The statistics underscore the magnitude of the threat and the ongoing use of social engineering techniques in cybercrime.
According to investigators, the scheme’s perpetrators tried to hide their identities by registering internet domains using fake names and addresses dispersed across multiple nations. The phishing kits were mainly shared via Telegram, enabling attackers to obtain tools for sending thousands of emails daily, potentially scaling operations to hundreds of millions of messages annually.
Also, Microsoft stated that the group created new tools to enhance the effectiveness of attacks. These tools include a system called RaccoonO365 AI-MailCheck, which aims to expand the reach and complexity of phishing campaigns.
The inquiry gained significant momentum following an operational security error by the attackers that exposed a cryptocurrency wallet associated with their network. This slip provided Microsoft’s team with a means to track the extent of the operation and pinpoint those responsible for it.
After the takedown, Microsoft revealed that it had referred Ogundipe to international law enforcement for criminal investigation.
Also, the company emphasised the significance of collaborations in combating cybercrime. “This initiative demonstrates the potential that arises when various sectors collaborate, including tech firms, security organisations, and non-profits. Each must contribute their distinct skills to dismantle criminal networks,” it stated. It further noted, “By harnessing the capabilities of industry, civil society, and government, we can exert a more significant influence on the entire cybercriminal landscape.”