RaccoonO365 Phishing Service Disrupted, Leader Identified

Microsoft and Cloudflare announced on Tuesday that they have teamed up to disrupt the RaccoonO365 phishing service, which has been used by cybercriminals to steal thousands of users’ credentials. 

RaccoonO365, which has been around for more than a year, has been rented to cybercriminals for between $355 (30-day plan) and $999 (90-day plan) under a phishing-as-a-service (PhaaS) model. Microsoft estimates that the operation earned the criminal enterprise at least $100,000 in cryptocurrency.

The phishing service has been advertised on a Telegram channel with over 850 members, and Microsoft believes RaccoonO365 had at least 100-200 subscribers.

RaccoonO365 enables users to create fake emails, attachments with a link or QR code, and phishing websites designed to trick victims into handing over their Microsoft 365 usernames and passwords. The fake emails and websites look realistic and creating them does not require any advanced skills.

According to Microsoft, at least 5,000 credentials ...