Microsoft Takes Down Major Phishing Operation That Stole 5,000+ Credentials

Microsoft and Cloudflare dismantle RaccoonO365, a phishing-as-a-service operation, seizing 338 sites and impacting cybercrime globally.

By Content Team

Sep 18, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Microsoft and Cloudflare shut down RaccoonO365, a notorious phishing-as-a-service operation that helped cybercriminals steal Microsoft 365 credentials with little technical skill required. Using a court order, Microsoft seized 338 websites tied to the service, which had stolen at least 5,000 credentials from 94 countries since July 2024.

The operation, run by Nigerian mastermind Joshua Ogundipe, offered subscription-based phishing kits for $600 annually. These kits used Microsoft branding to create convincing fake emails and websites, targeting over 2,300 US organizations and 20 healthcare facilities.

Microsoft identified Ogundipe through a cryptocurrency wallet security lapse and sent a criminal referral to international law enforcement. The takedown represents a significant blow to the growing phishing-as-a-service industry.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Companies House Security Breach Exposes UK Business Data

Mar 31, 2026

FortiGate Firewalls Under Attack: Hackers Exploit Critical Vulnerabilities to Steal Corporate Credentials

Mar 15, 2026

New WebRTC Skimmer Bypasses Security to Steal Credit Card Data

Mar 26, 2026

Microsoft Rushes Emergency Patch for Office Zero-Day Under Active Attack

Jan 28, 2026