Microsoft and Cloudflare announced on Tuesday that they have teamed up to disrupt the RaccoonO365 phishing service, which has been used by cybercriminals to steal thousands of users' credentials.
RaccoonO365, which has been around for more than a year, has been rented to cybercriminals for between $355 (30-day plan) and $999 (90-day plan) under a phishing-as-a-service (PhaaS) model. Microsoft estimates that the operation earned the criminal enterprise at least $100,000 in cryptocurrency.
The phishing service has been advertised on a Telegram channel with over 850 members, and Microsoft believes RaccoonO365 had at least 100-200 subscribers.
RaccoonO365 allows users to create fake emails, attachments with a link or QR code, and phishing websites designed to trick victims into handing over their Microsoft 365 usernames and passwords. The fake emails and websites look realistic, and creating them does not require any advanced skills.
According to Microsoft, at least 5,000 credentials from users across 94 countries have been stolen by RaccoonO365 since July 2024, although the tech giant pointed out that the attackers were likely not able to use all of the compromised credentials to access networks or conduct fraud.
Microsoft and Cloudflare have taken action against RaccoonO365 on several fronts. Microsoft teamed up with healthcare cybersecurity non-profit Health-ISAC to file a lawsuit against RaccoonO365 operators.
The partnership with Health-ISAC is explained by the fact that RaccoonO365 has been used to target at least 20 healthcare organizations in the US, which Microsoft says "puts public safety at risk" because RaccoonO365 phishing emails typically lead to malware and ransomware, which can have a severe impact on hospitals.
In addition to the lawsuit, Microsoft's Digital Crimes Unit (DCU) has seized over 330 domains associated with the phishing service, which has disrupted the cybercriminals' technical infrastructure and cut off their access to victims.
Cloudflare was involved in the operation against RaccoonO365 because its own services were abused, including for anti-analysis and evasion.
"Before a request was passed to the actual phishing server, a Cloudflare Workers script inspected the request to determine if it originated from a security researcher, automated scanner, or sandbox. If any red flags were raised, the connection would be dropped or the client would receive an error message, effectively hiding the phishing kit," the web security firm explained.
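The cloaking Cloudflare describes is why a single fetch of a suspect link can look harmless to an analyst. As an added example, not code from Microsoft, Cloudflare or the RaccoonO365 service, the script below fetches the same URL under several client profiles and flags responses that diverge by profile, the behaviour a cloaking layer produces. The profile names, User-Agent strings, the `fetch_all` and `detect_cloaking` helpers and the sample responses are all constructed for this illustration; a real triage run would supply its own fetcher.

```python
"""Differential-fetch check for request cloaking in front of a phishing kit.

Added example, not Microsoft's or Cloudflare's code. The caller supplies the
fetcher; the client profiles and sample responses below are constructed.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

Response = Tuple[int, str]                        # (HTTP status, body text)
Fetcher = Callable[[str, Dict[str, str]], Response]

# Client profiles a triage script presents to the same URL. The User-Agent
# values are constructed placeholders, not real browser or scanner strings.
PROFILES: Dict[str, Dict[str, str]] = {
    "browser":  {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) example-browser/1.0"},
    "scanner":  {"User-Agent": "example-url-scanner/1.0"},
    "headless": {"User-Agent": "Mozilla/5.0 example-headless/1.0"},
}

# A password input on the browser-facing page is the credential-lure signal.
PASSWORD_FIELD = re.compile(r'<input[^>]+type=["\']?password', re.IGNORECASE)


@dataclass
class CloakingVerdict:
    cloaked: bool                  # responses differ by client profile
    credential_lure: bool          # browser-facing page asks for a password
    reasons: List[str] = field(default_factory=list)
    body_hashes: Dict[str, str] = field(default_factory=dict)


def fetch_all(url: str, fetcher: Fetcher) -> Dict[str, Response]:
    """Fetch one URL once per profile. `fetcher` is supplied by the caller
    (for example a thin wrapper around an HTTP library); this function makes
    no network requests of its own."""
    return {name: fetcher(url, headers) for name, headers in PROFILES.items()}


def detect_cloaking(responses: Dict[str, Response]) -> CloakingVerdict:
    """Compare per-profile responses. A cloaking layer serves the lure only to
    clients it believes are victims, so divergence across profiles is the
    indicator; a uniform page, even a uniform error, is not."""
    statuses = {p: status for p, (status, _) in responses.items()}
    hashes = {p: hashlib.sha256(body.encode("utf-8")).hexdigest()[:16]
              for p, (_, body) in responses.items()}
    reasons: List[str] = []
    if len(set(statuses.values())) > 1:
        reasons.append(f"HTTP status differs by client profile: {statuses}")
    if len(set(hashes.values())) > 1:
        reasons.append("response body differs by client profile")
    cloaked = len(reasons) > 0
    browser_status, browser_body = responses.get("browser", (0, ""))
    lure = browser_status == 200 and PASSWORD_FIELD.search(browser_body) is not None
    if lure:
        reasons.append("browser-facing page contains a password field")
    return CloakingVerdict(cloaked=cloaked, credential_lure=lure,
                           reasons=reasons, body_hashes=hashes)


# Constructed sample: a lure for the browser profile, an error for the rest.
SAMPLE_RESPONSES: Dict[str, Response] = {
    "browser":  (200, '<html><form method="post"><input type="email" name="user">'
                      '<input type="password" name="pass"></form></html>'),
    "scanner":  (403, "<html>error</html>"),
    "headless": (403, "<html>error</html>"),
}

if __name__ == "__main__":
    verdict = detect_cloaking(SAMPLE_RESPONSES)
    print("cloaked:", verdict.cloaked, "credential lure:", verdict.credential_lure)
    for reason in verdict.reasons:
        print(" -", reason)
```

In practice the divergence check matters more than the password-field check: a kit that returns a bland error to the scanner profile and the lure to the browser profile is exactly the pattern the Workers script produced, and a scanner that only ever fetches once will keep reporting such links as clean.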
Cloudflare's actions were carried out over a period of several days in early September, and the cybercriminals attempted to implement some changes in response.
The company has banned domains used by RaccoonO365 and placed phishing warnings in front of them, removed the Workers scripts used by the hackers, and suspended the user accounts associated with the operation.
In addition to disrupting RaccoonO365 infrastructure, Microsoft announced that it has identified the alleged leader of the operation.
The suspect is Joshua Ogundipe, a programmer from Nigeria. Microsoft believes he wrote most of the code, but the company's blog post indicates that he had several associates who helped with development, customer support, and sales.
Microsoft has notified international law enforcement about Ogundipe.