Thursday, September 18, 2025

Microsoft seizes websites linked to Nigeria-based phishing

Microsoft said on Tuesday that it seized 338 websites linked to a Nigeria-based service that allowed users to carry out phishing campaigns

The service, called "Raccoon0365," allowed users to engage in phishing campaigns that involved thousands of emails at a time, according to Steven Masada, assistant general counsel for Microsoft's Digital Crimes Unit.

The phishing operation ended up stealing at least 5,000 Microsoft user credentials.

Phishing is a cybercrime in which criminals impersonate trusted organizations, typically through lookalike domains and fake login pages, to deceive users into revealing sensitive information such as passwords or banking details.


How did the phishing scheme work?

Raccoon0365 operated through a private Telegram channel with more than 850 subscribers.

The service enables users to impersonate trusted brand names and get targets to enter Microsoft login details on fake Microsoft platforms. According to Microsoft's Masada, the service has generated at least $100,000 (€84,425) in cryptocurrency payments for its operators since launching in July 2024.
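The tactic described above, and in the definition of phishing earlier in the article, is a credential-harvest page on a domain that merely looks like Microsoft's. As an added illustration (this is not code from Microsoft, Cloudflare or the article), the Python script below shows the kind of heuristic triage a mail-security team might run over URLs extracted from suspected phishing emails: it accepts known Microsoft sign-in domains, then flags hosts that carry the brand name after undoing common character substitutions, IP-literal hosts, and credential-harvest wording combined with brand names on non-Microsoft sites. The allow-list, brand tokens, homoglyph table and sample URLs are all constructed assumptions for the example.

```python
"""Heuristic triage of URLs from suspected credential-phishing emails.

Constructed example: the domains, keywords and sample URLs below are
illustrative assumptions, not data from Microsoft, Cloudflare or the
Raccoon0365 case.
"""
import re
from urllib.parse import urlparse

# Registrable domains that legitimately host Microsoft sign-in pages.
# Illustrative allow-list; a real deployment maintains a vetted one.
LEGIT_MICROSOFT_DOMAINS = {
    "microsoft.com", "microsoftonline.com", "live.com", "office.com",
    "office365.com", "sharepoint.com", "onedrive.com",
}
# Brand strings a phishing kit puts in a hostname or path to look genuine.
BRAND_TOKENS = ("microsoft", "office365", "office", "outlook",
                "onedrive", "sharepoint", "o365", "m365")
# Wording typical of credential-harvest pages.
CREDENTIAL_WORDS = ("login", "signin", "sign-in", "auth", "verify",
                    "password", "secure", "account")
# Common substitutions used to fake brand names (digit zero for 'o', etc.).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

# Constructed sample URLs as they might be extracted from message bodies.
SAMPLE_URLS = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "https://micr0soft-login.example-cdn.net/office365/verify.php",
    "http://203.0.113.7/tax/microsoft/signin.html",
    "https://www.example.org/about",
    "https://secure-outlook-verify.example/account/login",
]


def normalize_label(text: str) -> str:
    """Undo common homoglyph substitutions so 'micr0soft' compares as 'microsoft'."""
    out = text.lower()
    for fake, real in HOMOGLYPHS.items():
        out = out.replace(fake, real)
    return out


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.

    Caveat: this ignores multi-part public suffixes such as co.uk; a
    production check should use a public-suffix-list library.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def assess_url(url: str) -> dict:
    """Return {'url', 'suspicious', 'reasons'} for one URL."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    path = (parsed.path + "?" + parsed.query).lower()
    if not host:
        return {"url": url, "suspicious": False, "reasons": ["unparseable"]}

    # Exact allow-list match on the registrable domain: genuine Microsoft page.
    if registrable_domain(host) in LEGIT_MICROSOFT_DOMAINS:
        return {"url": url, "suspicious": False, "reasons": []}

    reasons = []
    # An IP-literal host never serves a legitimate Microsoft sign-in page.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("ip-literal host")

    # Brand name in a host that is not on the allow-list, checked both raw
    # and after homoglyph normalization.
    raw_hits = {b for b in BRAND_TOKENS if b in host}
    norm_hits = {b for b in BRAND_TOKENS if b in normalize_label(host)}
    if raw_hits | norm_hits:
        reasons.append("brand token in non-Microsoft host: "
                       + ", ".join(sorted(raw_hits | norm_hits)))
    if norm_hits - raw_hits:
        reasons.append("homoglyph-spoofed brand in host")

    # Credential-harvest wording combined with a brand name in host or path.
    cred_hits = [w for w in CREDENTIAL_WORDS if w in path]
    brand_in_path = {b for b in BRAND_TOKENS
                     if b in path or b in normalize_label(path)}
    if cred_hits and (raw_hits or norm_hits or brand_in_path):
        reasons.append("credential wording with brand impersonation: "
                       + ", ".join(cred_hits))

    return {"url": url, "suspicious": bool(reasons), "reasons": reasons}


def triage(urls):
    """Return the subset of urls that the heuristics flag, in input order."""
    return [u for u in urls if assess_url(u)["suspicious"]]


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        result = assess_url(u)
        print(("FLAG " if result["suspicious"] else "ok   ") + u,
              "; ".join(result["reasons"]))
```

The allow-list check is the only strong signal here; everything else is triage that feeds a human review queue or a sandbox detonation, not a verdict. The two-label approximation of the registrable domain and the small homoglyph table are deliberate simplifications to keep the example readable.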

Raccoon0365 users targeted organizations across a wide range of industries, a significant number of them based in New York City, Masada said.


How did Microsoft seize Raccoon0365?

In February this year, Microsoft identified what it described as a Raccoon0365-linked campaign that used tax-themed phishing emails to target more than 2,300 organizations, mostly in the US, according to a company blog post published in April.

Earlier this month, Microsoft obtained an order from the US District Court in Manhattan to seize domains associated with Raccoon0365. The seizure of the websites occurred over a period of days earlier this month.

"Cybercriminals don't need to be sophisticated to cause widespread harm," Masada said. "Simple tools like Raccoon0365 make cybercrime accessible to virtually anyone, putting millions of users at risk," he added.

Raccoon0365 operators used Cloudflare services to help conceal the service's backend infrastructure. Cloudflare worked with Microsoft and the US Secret Service to take down Raccoon0365 operations and prevent the operators from establishing new accounts.

Blake Darche, the head of threat intelligence at Cloudflare, said that while Raccoon0365 operators made some operational security mistakes, they were highly effective.

"They're in people's accounts, they compromise lots of people, and it needs to obviously be stopped," he said.

By Hauwau Samaila Mohammed, DW
