In a significant win for cybersecurity, Microsoft and Cloudflare have successfully taken down RaccoonO365, a major 'Phishing-as-a-Service' (PhaaS) operation. This criminal enterprise was dedicated to creating and renting out a sophisticated toolkit specifically designed to steal Microsoft 365 credentials.
The scale of the operation was vast. Since July 2024, the service was responsible for compromising at least 5,000 victims across 94 countries. The stolen Microsoft 365 login data - including credentials and cookies - was then used by customers to gain unauthorised access to OneDrive, SharePoint, and Outlook accounts for purposes like financial fraud and large-scale data theft.
RaccoonO365 utilised clever tactics, such as hiding behind legitimate services and even offering a feature to bypass certain Multi-Factor Authentication (MFA) methods, making it a serious threat. Acting on a court order, Microsoft’s Digital Crimes Unit (DCU) and Cloudflare were able to seize 338 associated websites, effectively crippling the criminals' revenue and operations.
This disruption highlights the critical need for strong security. The full article provides more detail on the takedown, how the phishing kit operated, and offers essential, actionable advice - such as checking web addresses and using security software - to safeguard your organisation’s Microsoft 365 accounts.
Click to read the full article to learn how to keep your Microsoft 365 accounts protected from these sophisticated threats.
