Microsoft Takes Down 300+ Websites Behind RaccoonO365 Phishing Scheme

Microsoft’s Digital Crimes Unit (DCU) has seized control of 338 websites facilitating RaccoonO365, the rapidly expanding phishing-as-a-service platform that enables anyone to harvest Microsoft 365 credentials.

Acting under a court order from the Southern District of New York, the DCU disrupted the operation’s technical infrastructure, denying cybercriminals access to victims and cutting off their revenue streams.

This action underscores how readily available, subscription-based phishing kits have lowered the barrier to entry for cybercrime, placing millions of users worldwide at heightened risk.

Tracked by Microsoft as Storm-2246, RaccoonO365 offers tiered subscriptions allowing users—regardless of technical expertise—to launch large-scale phishing attacks.

Since July 2024, its clients have stolen at least 5,000 Microsoft credentials across 94 countries. Despite many credential thefts being mitigated by built-in security features, the volume of successful attacks highlights the enduring potency of social engineering.

In one extensive tax-themed campaign, attackers ...