New Delhi: Microsoft’s Digital Crimes Unit (DCU) has disrupted RaccoonO365 the fastest-growing tool used by cybercriminals to steal Microsoft 365 usernames and passwords (“credentials”), said ंan official statement.
‘RaccoonO365’ is a lesser-known threat group that operates a Phishing-as-a-Service (PaaS) model that offers phishing assets, links and related tools.
The official statement said “Using a court order granted by the Southern District of New York, the DCU seized 338 websites associated with the popular service, disrupting the operation’s technical infrastructure and cutting off criminals’ access to victims.”
“RaccoonO365, tracked by Microsoft as Storm-2246 offers subscription-based phishing kits. These let anyone–even those with technical skills–steal Microsoft’s credentials by mimicking official Microsoft communications.” it added.
However, since July 2024 RaccoonO365’s kits have been used to steal at least 5,000 Microsoft credentials from 94 countries. While not all stolen information results in compromised networks or fraud due to a variety of security features employed to remediate results, these numbers underscore the scale of threat and how social engineering remains a go-to tactic for cybercriminals.
‘Social engineering’ is a manipulation technique that exploits human error to gain private information, access or valuables. In cybercrime, these ‘Human Hacking’ scams tend to lure unsuspecting users into exposing data, spreading malware infections or giving access to restricted systems.
In just over a year, RaccoonO365 has swiftly evolved, rolling out regular upgrades to meet rising demand. This rapid growth underscores why taking legal action now is crucial to stop RaccoonO365 activities, said official document.
Microsoft’s Digital Crimes Unit (DCU) is an international team of technical, legal and business experts that has been fighting cybercrime to protect victims since 2008.
