Microsoft Dismantles RaccoonO365 Network, Microsoft 365 Credential Thief Tool

JAKARTA - Microsoft through the Digital Crimes Unit (DCU) succeeded in dismantling and stopping the RaccoonO365 operation, a tool used by cybercriminals to steal Microsoft 365 user credentials.

This step was taken after DCU received an order from the South District Court of New York to confiscate 338 websites that became the main technical infrastructure for the service. This action cut off the perpetrators' access to the victims, as well as to stop the operation of the RaccoonO365.

RaccoonO365, which Microsoft tracks as a Storm-2246 group, provides subscription-based phishing kits that allow anyone to steal Microsoft's username and password by imitating official communications.

To deceive users, the RaficonO365 kit uses Microsoft trademarks for email, attachment, and fake websites to look legitimate, so that recipients are tempted to open, click, and enter their information.

In a report that Microsoft has shared on its official sius since July 2024, the RaccoonO365 kit has been used to steal at least 5,000 Microsoft credentials from 94 countries.

DCU also managed to identify the leader of this criminal network, namely Joshua Ogundipe, a Nigerian-based person. Ogundipe and his colleagues marketed and sold their services on Telegram to a growing customer base.

Hingga saat pengajuan kasus ini, mereka memiliki lebih dari 850 anggota di Telegram dan telah menerima setidaknya 100.000 dolar AS dalam bentuk pembayaran mata uang kripto.

However, Microsoft considers that there are still many legal challenges, especially because of the patch of international regulations used by cybercriminals.

Therefore, Microsoft calls for collaboration between countries to align the law, accelerate cross-border prosecution, and close legal loopholes that allow criminals to operate without punishment.

"By uniting the power of industry, civil society, and the government, we can have a greater impact on the entire ecosystem of cybercrime," Microsoft wrote.