Microsoft Takes Over 340 Websites Connected to Expanding Phishing Subscription Network
In a recent development, Microsoft 365 has seized nearly 340 websites tied to a Nigeria-based phishing service called Raccoon0365. This service, which enables users to impersonate trusted brands and steal Microsoft 365 user credentials, has caused significant harm to at least five unnamed healthcare organizations and numerous accounts in various organizations.
The primary operator and ringleader behind Raccoon0365 is identified as Joshua Ogundipe, based in Nigeria. Since its launch in July 2024, Raccoon0365 has generated at least $100,000 in cryptocurrency payments.
The service operates through a private Telegram channel with over 850 subscribers, providing a subscription for users to carry out phishing operations. Errol Weiss, the chief security officer of Health-ISAC, has stated that Raccoon0365 has been linked to successful credential harvesting through phishing campaigns at these healthcare organizations.
Multiple attacks can stem from a single individual giving up their user name and password to a bad actor, potentially allowing the actor access to the network. The Raccoon0365 operators' actions need to be stopped, according to Blake Darché, the head of threat intelligence at Cloudflare.
Cloudflare worked with Microsoft 365 and the U.S. Secret Service to disrupt Raccoon0365 operations on its platform and prevent the operators from establishing new accounts. According to Darché, the operators made some key operational security mistakes but were highly effective.
Once the Raccoon0365 operators gain access to a network, their actions have the potential to be monetized in various ways. A significant portion of Raccoon0365 activity targets organizations based in New York City. The service has also targeted a total of 25 health sector organizations and a wide range of industries.
Cybercriminals don't need to be sophisticated to cause widespread harm with tools like Raccoon0365, putting millions of users at risk. It is crucial to remain vigilant and follow best practices for online security to protect against such threats.