September 19, 2025
Microsoft and Cloudflare collaborated to dismantle a large phishing-as-a-service platform known as RaccoonO365, also tracked as Storm-2246. Authorities seized control of hundreds of domains and accounts used to host and distribute the malicious service. Since mid-2024, RaccoonO365 had been responsible for stealing thousands of Microsoft 365 credentials from victims across nearly one hundred countries, enabling attackers to gain access to sensitive accounts and services like email, SharePoint, and OneDrive.
The phishing kits behind the operation were marketed and sold through Telegram, with subscription fees ranging from a few hundred to nearly a thousand dollars, typically paid in cryptocurrency. Stolen credentials were exploited for financial fraud, extortion, and deeper intrusions into organizational systems. Investigators identified the main operator as a Nigerian national with ties to Russian-speaking cybercriminal groups. The takedown highlights both the global scale of phishing-as-a-service networks and the importance of cross-industry cooperation in disrupting them.