Microsoft Takes Down 340 Websites Linked to Nigerian Phishing RingMicrosoft has scored a major win in the fight against cybercrime after seizing nearly 340 websites linked to a Nigeria-based phishing network known as Raccoon0365.
The tech giant said it obtained a court order from a U.S. District Court in Manhattan, giving it the green light to take over domains connected to the illegal operation. The crackdown comes after months of investigations into the service, which has been running on a subscription model and actively targeting unsuspecting users.
Raccoon0365 operated through a private Telegram channel with more than 850 paying members. These subscribers used the service to create fake Microsoft login pages, impersonate trusted brands, and trick victims into giving up their passwords.
According to Steven Masada, Microsoft’s assistant general counsel for the Digital Crimes Unit, the group has made at least $100,000 in cryptocurrency since it launched in July 2024. Microsoft’s investigation identified Joshua Ogundipe, a Nigeria-based individual, as the alleged mastermind behind the operation. However, he has not commented on the allegations.
The phishing attacks were widespread, but investigators say New York City-based companies were hit hardest. Between February 12 and 28, 2025 alone, Raccoon0365 reportedly targeted over 2,300 organisations, many of them using tax-themed phishing emails to lure victims.
Healthcare organisations were also among those targeted. Errol Weiss, Chief Security Officer of the Health Information Sharing & Analysis Center, confirmed that five healthcare providers had their staff credentials stolen, while 25 more were targeted but escaped compromise.
He warned that cyberattacks like this could have devastating consequences once hackers gain access to sensitive systems.
The group tried to hide its infrastructure by using services from Cloudflare. But Cloudflare cooperated with Microsoft and the U.S. Secret Service to cut off access and shut down the malicious network.
Blake Darché, head of threat intelligence at Cloudflare, admitted that while the criminals made a few security mistakes, they were still “highly effective.”
Microsoft warned that tools like Raccoon0365 are dangerous because they make cybercrime easy for almost anyone to try.
“Simple tools such as Raccoon0365 make cybercrime accessible to virtually anyone, putting millions of users at risk,” Masada said.
0 Comments