- Microsoft and Cloudflare disrupt a phishing service that stole Microsoft 365 credentials
- The RaccoonO365 kits used CAPTCHA screens and fake Microsoft login pages
- The criminal operation's income is estimated at at least $100,000
By working together, Microsoft's Digital Crimes Unit and Cloudflare say they have managed to disrupt a phishing service that helped criminals steal thousands of Microsoft 365 usernames and passwords.
Tracked by Microsoft as Storm-2246, RaccoonO365 sold subscription kits that imitated official Microsoft messages and login pages.
Since July 2024, these kits have helped criminals steal at least about 5,000 sets of credentials from victims in 94 countries.
Securing the court order
Microsoft identified the group's leader as Joshua Ogundipe, based in Nigeria, and said that the service had been sold on Telegram with hundreds of subscribers.
Microsoft's Digital Crimes Unit said that it had seized 338 websites used by the group after obtaining a court order in the Southern District of New York.
“This case shows that cybercriminals do not need to be sophisticated to cause generalized damage – simple tools like RaccoonO365 make cybercrime accessible to practically anyone, putting millions of users in danger,” warned the company.
Cloudflare said that its trust and safety teams worked with Microsoft to dismantle the infrastructure that supported the service.
According to Cloudflare, the phishing kits used a simple CAPTCHA screen and anti-bot measures to appear legitimate before redirecting victims to fake Microsoft login pages.
Once the credentials had been entered, the attackers could also bypass multi-factor authentication and steal session cookies.
The company disabled the Workers accounts and placed warning pages in front of the malicious domains to cut off access.
The phishing service operated on a tiered pricing model, with subscriptions to the “RaccoonO365 suite” priced at $355 for 30 days or $999 for 90 days, with payments accepted only in cryptocurrency.
Microsoft said that the operation had already generated at least $100,000 in income, although the actual number is probably higher.
The two companies described the action as part of a wider effort to disrupt phishing-as-a-service platforms.
“Our answer represents a strategic transition from reactive withdrawals and a single field to a proactive and large-scale disturbance,” said Cloudflare, adding: “We aim to considerably increase the operational costs of RaccoonO365 and send a clear message to other malicious actors: the free level is too expensive for criminal companies.”