Microsoft seizes 338 websites to disrupt rapidly growing ‘RaccoonO365’ phishing service blogs.microsoft.com/on-the-is…

Microsoft’s Digital Crimes Unit (DCU) has disrupted RaccoonO365, the fastest-growing tool used by cybercriminals to steal Microsoft 365 usernames and passwords (“credentials”). Using a court order granted by the Southern District of New York, the DCU seized 338 websites associated with the popular service, disrupting the operation’s technical infrastructure and cutting off criminals’ access to victims. This case shows that cybercriminals don’t need to be sophisticated to cause widespread harm—simple tools like RaccoonO365 make cybercrime accessible to virtually anyone, putting millions of users at risk.

RaccoonO365, tracked by Microsoft as Storm-2246, offers subscription-based phishing kits. These let anyone—even those with little technical skill—steal Microsoft credentials by mimicking official Microsoft communications. To deceive users, RaccoonO365’s kits use Microsoft branding to make fraudulent emails, attachments, and websites appear legitimate, enticing recipients to open, click, and enter their information.