Close Menu

Nigeria Nabs RaccoonO365 Phishing Developer Behind Microsoft 365 Attacks

Staff WriterBy No Comments2 Mins Read3 Views

Top Highlights

  1. Major Arrests: Nigerian authorities apprehended three high-profile internet fraud suspects linked to phishing attacks, including Okitipi Samuel, the developer behind the RaccoonO365 phishing-as-a-service scheme.

  2. Phishing Operations: RaccoonO365, tracked as Storm-2246 by Microsoft, has been responsible for credential harvesting through fake Microsoft 365 login pages, resulting in the theft of over 5,000 credentials from 94 countries.

  3. Collaborative Investigation: The arrests stemmed from an investigation involving Microsoft and the FBI, which led to the seizure of digital devices and 338 domains associated with RaccoonO365.

  4. Wider Cybercrime Impact: The phishing activities have caused significant issues globally, including business email compromises and financial losses, demonstrating a growing threat of sophisticated cybercrime operations.

Nigeria Targets Cybercrime with High-Profile Arrests

Nigerian authorities have taken a significant step in combating cybercrime by arresting three suspects linked to high-profile phishing attacks. Among them, Okitipi Samuel, known as Moses Felix, stands out as the principal developer of the RaccoonO365 phishing-as-a-service (PhaaS) scheme. This operation targeted international corporations, allowing cybercriminals to exploit vulnerable systems.

The Nigeria Police Force National Cybercrime Centre (NPF–NCCC) collaborated with Microsoft and the FBI to track down the suspects. Their investigations revealed that Felix sold phishing links via a Telegram channel in exchange for cryptocurrency. Additionally, he hosted fraudulent Microsoft 365 login portals using stolen email credentials.

Widespread Impact of Phishing Attacks

RaccoonO365 has become notorious for its role in credential harvesting, significantly affecting organizations worldwide. It has been linked to the theft of over 5,000 Microsoft credentials across 94 countries since mid-2024. The joint investigation uncovered unauthorized access incidents that compromised corporate, financial, and educational institutions.

Furthermore, a civil lawsuit filed by Microsoft aims to hold other individuals accountable for their roles in facilitating these cybercrimes. As threats from phishing operations escalate, companies like Google also take action against similar PhaaS services, highlighting a global effort to mitigate damage from such criminal activities. This multi-faceted approach underscores the urgent need for cybersecurity advancements and international cooperation in the battle against cyber threats.

Continue Your Tech Journey

Dive deeper into the world of Cryptocurrency and its impact on global finance.

Access comprehensive resources on technology by visiting Wikipedia.

DataProtection-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Comments are closed.