Microsoft Shuts Down RaccoonO365 Phishing Ring, Seizes 338 Websites

Microsoft’s Digital Crimes Unit dismantled RaccoonO365, a major phishing service that stole thousands of user credentials and targeted US healthcare organisations. Discover how the operation worked and its global impact.

Microsoft’s Digital Crimes Unit (DCU) has taken down a cybercrime service called RaccoonO365. The company announced on September 16 that, through a court order granted by the Southern District of New York, it seized 338 websites linked to the RaccoonO365 operation, which was a popular tool for criminals looking to steal user information.

RaccoonO365, which Microsoft tracks as Storm-2246, offered a subscription service that let anyone, even those without technical skills, steal Microsoft 365 usernames and passwords, known as credentials.  The service provided phishing kits, which are ready-to-use tools that mimic official Microsoft communications to trick people into giving up their information. 

Since July 2024, the service has been used to steal at least 5,000 Microsoft credentials ...