Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks
Briefly

"Authorities in Nigeria have announced the arrest of three "high-profile internet fraud suspects" who are alleged to have been involved in phishing attacks targeting major corporations, including the main developer behind the RaccoonO365 phishing-as-a-service (PhaaS) scheme. The Nigeria Police Force National Cybercrime Centre (NPF-NCCC) said investigations conducted in collaboration with Microsoft and the Federal Bureau of Investigation (FBI) led to the identification of Okitipi Samuel, also known as Moses Felix, as the principal suspect and developer of the phishing infrastructure."
""Investigations reveal that he operated a Telegram channel through which phishing links were sold in exchange for cryptocurrency and hosted fraudulent login portals on Cloudflare using stolen or fraudulently obtained email credentials," the NPF said in a post shared on social media. In addition, laptops, mobile devices, and other digital equipment linked to the operation have been seized following search operations conducted at their residences. The two other arrested individuals have no connection to the creation or operation of the PhaaS service, per the NPF."
"RaccoonO365 is the name assigned to a financially motivated threat group behind a PhaaS toolkit that enables bad actors to conduct credential harvesting attacks by serving phishing pages mimicking Microsoft 365 login pages. Microsoft is tracking the threat actor under the moniker Storm-2246. Back in September 2025, the tech giant said it worked with Cloudflare to seize 338 domains used by RaccoonO365. The phishing infrastructure attributed to the toolkit is estimated to have led to the theft of at least 5,000 Microsoft credentials from 94 countries since July 2024."
Nigerian authorities arrested three suspects and identified Okitipi Samuel, also known as Moses Felix, as the principal developer of the RaccoonO365 phishing-as-a-service infrastructure. Investigators working with Microsoft and the FBI found that the developer operated a Telegram channel selling phishing links for cryptocurrency and hosted fraudulent Microsoft login portals on Cloudflare using stolen or fraudulently obtained email credentials. Law enforcement seized laptops, mobile devices, and other digital equipment during search operations. Two other arrested individuals were not involved in creating or operating the PhaaS. The RaccoonO365 toolkit enabled credential harvesting that reportedly stole thousands of Microsoft credentials globally.
Read at The Hacker News