
"'Using a court order granted by the Southern District of New York, the DCU seized 338 websites associated with the popular service, disrupting the operation's technical infrastructure and cutting off criminals' access to victims,' Steven Masada, assistant general counsel at DCU, said. 'This case shows that cybercriminals don't need to be sophisticated to cause widespread harm - simple tools like RaccoonO365 make cybercrime accessible to virtually anyone, putting millions of users at risk.'"
"Tracked by the Windows maker under the name Storm-2246, RaccoonO365 is marketed to other cybercriminals under a subscription model, allowing them to mount phishing and credential harvesting attacks at scale with little to no technical expertise. A 30-day plan costs $355, and a 90-day plan is priced at $999. The operators also claim that the tool is hosted on bulletproof virtual private servers with no hidden backdoors (unlike, say, BulletProofLink), and that it's 'built for serious players only - no low-budget freeloaders.'"
Law enforcement and Cloudflare coordinated a takedown of 338 domains tied to RaccoonO365, a phishing-as-a-service operation that has harvested more than 5,000 Microsoft 365 credentials from 94 countries since July 2024. The seizure relied on a Southern District of New York court order. Actions taken between September 2 and 8, 2025 included banning domains, placing interstitial phish-warning pages, terminating associated Workers scripts, and suspending user accounts. RaccoonO365, tracked as Storm-2246, is sold by subscription (30-day plan, $355; 90-day plan, $999) and claims bulletproof hosting. Its campaigns have impersonated brands such as Microsoft, DocuSign, SharePoint, Adobe, and Maersk to harvest credentials at scale.
Read at The Hacker News