About 70 people in Singapore fall victim to phishing service, Microsoft seizes 338 related websites

Around 70 people in Singapore have fallen victim to a phishing service known as RaccoonO365, and Microsoft is taking legal action against the perpetrators.

Microsoft has seized 338 websites used in relation to a rapidly growing phishing service that has seen around 70 people in Singapore fall victim, the company said in a press release on Wednesday (Sept 17).

The service, known as RaccoonO365, is a tool used by cybercriminals to steal Microsoft 365 usernames and passwords, according to Microsoft.

Phishing kits are offered via a subscription, letting users steal credentials from victims even if they are not familiar with the technology.

"This case shows that cybercriminals don't need to be sophisticated to cause widespread harm — simple tools like RaccoonO365 make cybercrime accessible to virtually anyone, putting millions of users at risk," Microsoft Digital Crimes Unit (DCU) assistant general counsel Steven Masada said in a blogpost on Tuesday (Sept 16).

Since the service began operating, these kits have been used to steal at least 5,000 Microsoft credentials from 94 countries, he said.

Among these credentials were some that belonged to around 70 people in Singapore, the tech giant said.

The firm is now taking legal action against the scammers after a court order was granted by the Southern District of New York, allowing it to seize 338 websites associated with the service.

This has allowed Microsoft's DCU to disrupt the operation's technical infrastructure, cutting off criminals' access to victims.

Masada said in the blogpost that the leader of the criminal enterprise has been identified as Joshua Ogundipe, who is based in Nigeria.

They have allegedly sold their services via a Telegram group which has over 850 members, and have received at least US$100,000 (S$127,657) in cryptocurrency payments.

Using RaccoonO365's services, customers can input up to 9,000 target email addresses per day and employ sophisticated techniques to circumvent multi-factor authentication protections to steal user credentials and gain persistent access to victims' systems.

Most recently, the group started advertising a new AI-powered service, RaccoonO365 AI-MailCheck, designed to scale operations and increase the sophistication and effectiveness of attacks.

Masada added: "Importantly, filing a lawsuit is just the start. We always expect actors to try to rebuild their operations.

"That means the DCU will continue to take additional legal steps in the case to dismantle any new or reemerging infrastructure."

"Microsoft remains committed to working with others — across borders and sectors — to combat this ever-evolving threat and help build a safer digital world," Masada added.


khooyihang@asiaone.com
