- Microsoft and Cloudflare disrupt a phishing service that stole Microsoft 365 credentials
- RaccoonO365 kits used CAPTCHA screens and fake Microsoft login pages
- The criminal operation's income is estimated to be at least $100,000
Working together, Microsoft's Digital Crimes Unit and Cloudflare say they have successfully disrupted a phishing service that helped criminals steal thousands of Microsoft 365 usernames and passwords.
Tracked by Microsoft as Storm-2246, RaccoonO365 sold subscription kits that imitated official Microsoft messages and login pages.
As of July 2024, these kits have helped criminals steal at least an estimated 5,000 sets of victim credentials in 94 countries.
Securing the court order
Microsoft identified the group leader as Joshua Ogundipe, based in Nigeria, and said the service was marketed on Telegram with hundreds of subscribers.
Microsoft's Digital Crimes Unit said it seized 338 websites used by the group after obtaining a court order from the Southern District of New York.
“This case shows that cybercriminals do not need to be sophisticated to cause generalized damage: simple tools such as RaccoonO365 make cybercrime accessible to virtually any person, putting millions of users at risk,” the company warned.
Cloudflare said its Cloudforce One and Trust and Safety teams worked with Microsoft to dismantle the infrastructure that supported the service.
According to Cloudflare, the phishing kits used a simple CAPTCHA screen and anti-bot measures to look legitimate before redirecting victims to fake Microsoft login pages.
Once the credentials were entered, the attackers could also bypass multifactor authentication and steal session cookies.
The company disabled the Workers accounts and placed warning pages in front of the malicious domains to cut off access.
The phishing service operated on a tiered pricing model, with subscriptions to the “RaccoonO365” suite priced at $355 for 30 days or $999 for 90 days, and payments accepted only in cryptocurrencies.
Microsoft said the operation had already generated at least $100,000 in income, although the real number is likely to be higher.
Both companies described the action as part of a broader effort to disrupt phishing-as-a-service platforms.
“Our response represents a strategic shift from reactive, single-domain takedowns to a large-scale proactive disruption,” said Cloudflare, adding: “Our goal is to significantly increase the operating costs of RaccoonO365 and send a clear message to other malicious actors: the free tier is too expensive for criminal enterprises.”