Tech giant Microsoft has taken control of nearly 340 websites connected to a Nigerian-based phishing service known as Raccoon0365. The move follows a U.S. court order in Manhattan, allowing Microsoft to dismantle the subscription-based cybercrime operation.

Raccoon0365, which ran through a private Telegram channel with over 850 subscribers, enabled users to impersonate trusted brands and trick victims into entering their login details on fake Microsoft pages. Since launching in July 2024, the group has stolen at least 5,000 Microsoft user credentials and generated more than $100,000 in cryptocurrency.

Investigations revealed that the phishing attacks targeted multiple industries, with a large focus on organisations in New York City. Between February 12 and 28, 2025 alone, the group sent tax-themed phishing emails to over 2,300 organisations across the U.S. The healthcare sector was also hit, with five organisations successfully compromised and at least 25 others targeted.

According to Steven Masada, Assistant General Counsel for Microsoft’s Digital Crimes Unit, tools like Raccoon0365 are dangerous because they make cybercrime “accessible to virtually anyone, putting millions of users at risk.”

Microsoft identified Joshua Ogundipe, based in Nigeria, as the leader of the group, though he has not responded to requests for comment. The operation relied on Cloudflare services to hide its infrastructure, but Cloudflare cooperated with Microsoft and the U.S. Secret Service to block the attackers and stop them from creating new accounts.

Cybersecurity experts warn that such services show how quickly and easily criminals can scale attacks worldwide, stressing the importance of stronger cyber hygiene and awareness for both individuals and organisations.