Microsoft and Cloudflare Take Down RaccoonO365 Phishing Platform


Microsoft and Cloudflare Take Down Phishing Kit RaccoonO365

In a collaborative effort, Microsoft, alongside Cloudflare, has successfully dismantled 338 websites linked to RaccoonO365, a notorious phishing kit subscription service. This operation highlights a significant move against cybercrime, particularly targeting phishing activities aimed at Microsoft 365 users.

Exploiting Phishing Tactics

RaccoonO365 provided cybercriminals, even those with minimal technical knowledge, a user-friendly platform to orchestrate sophisticated phishing campaigns. The service generated deceptive emails that closely mimicked legitimate communications, complete with Microsoft branding, to trick unsuspecting users into revealing their credentials. This accessibility made it a popular choice among less skilled hackers, amplifying the risk posed to countless users across the globe.

Scale of the Threat

According to Microsoft, RaccoonO365 has facilitated the theft of over 5,000 Microsoft credentials since mid-2024, affecting victims across 94 countries, including 420 in Australia. In a blog post, Microsoft emphasized that while not all stolen credentials lead to security breaches, the numbers reflect a growing threat. “Social engineering remains a go-to tactic for cyber criminals. This scale of theft underscores a significant challenge in cybersecurity,” they noted.

The company further expressed concern over the rapid evolution and widespread availability of services like RaccoonO365, suggesting a troubling shift in the cybercrime landscape, where scams and attacks are becoming increasingly common and sophisticated.

The takedown became possible after the Southern District of New York granted a court order in August. With assistance from Cloudflare, Microsoft’s Digital Crimes Unit worked to dismantle RaccoonO365’s digital infrastructure. Over the course of August and September, they took down both domains and worker accounts associated with the service.

Despite these efforts, the operators behind RaccoonO365 attempted to recover quickly. On September 5, 2025, the RaccoonO365 team announced via Telegram their plan to regroup, presenting the service disruption as a “rebirth” of their operations. They encouraged subscribers to transition to a new platform, attempting to retain their user base amid the crackdown.

RaccoonO365’s Business Model

RaccoonO365 was not just a tool for individual cybercriminals; it offered a range of subscription packages tailored to various needs. A budget-friendly option was available for $355, designed for short-term use or testing purposes. For those more invested in their criminal activities, a $999 subscription for 90 days was offered, marketed to power users running ongoing campaigns.

The service boasted zero backdoors and tracking, alongside promises of a “100 percent clean, encrypted infrastructure” and real-time support, claiming to operate on a robust hosting service impervious to disruptions.

Leadership Behind RaccoonO365

Microsoft’s investigations led them to identify Joshua Ogundipe, a key figure based in Nigeria, along with several associates. The investigation revealed that Ogundipe and his team had amassed over 850 members on Telegram and received at least $100,000 in cryptocurrency payments, indicating a thriving operation with substantial financial backing.

Given the nature of the subscriptions—each capable of enabling criminals to send thousands of phishing emails daily—the impact of RaccoonO365’s operations was far-reaching. Microsoft estimated that subscriptions likely facilitated the sending of hundreds of millions of malicious emails annually.

Future of Cybersecurity Efforts

International law enforcement agencies have been alerted to Ogundipe’s activities, signaling a broader commitment to combat cybercrime on a global scale. As organizations like Microsoft and Cloudflare intensify their efforts against phishing schemes and cyber threats, the landscape of online security continues to evolve, demanding vigilance and proactive measures from both companies and users alike.

The ongoing fight against platforms like RaccoonO365 highlights the importance of cybersecurity awareness and underscores the critical need for enhanced protective measures. As cybercriminals adapt and find new methods to exploit vulnerabilities, the collaboration between tech giants and law enforcement is essential in navigating this complex landscape.
