{"id":222061,"date":"2025-09-18T03:32:41","date_gmt":"2025-09-18T08:32:41","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/09\/microsoft-and-cloudflare-disrupt-massive-raccoono365-phishing-service"},"modified":"2025-09-18T03:32:41","modified_gmt":"2025-09-18T08:32:41","slug":"microsoft-and-cloudflare-disrupt-massive-raccoono365-phishing-service","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/09\/microsoft-and-cloudflare-disrupt-massive-raccoono365-phishing-service","title":{"rendered":"Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/microsoft-and-cloudflare-disrupt-massive-raccoono365-phishing-service2.jpg\"><\/a><\/p>\n<p>Microsoft and Cloudflare have disrupted a massive Phishing-as-a-Service (PhaaS) operation, known as RaccoonO365, that helped cybercriminals steal thousands of Microsoft 365 credentials.<\/p>\n<p>In early September 2025, in coordination with <a href=\"https:\/\/www.cloudflare.com\/threat-intelligence\/research\/report\/cloudflare-participates-in-global-operation-to-disrupt-raccoono365\/\" target=\"_blank\" rel=\"nofollow noopener\">Cloudflare\u2019s Cloudforce One<\/a> and Trust and Safety teams, Microsoft\u2019s Digital Crimes Unit (DCU) disrupted the cybercrime operation by seizing 338 websites and Worker accounts linked to RaccoonO365.<\/p>\n<p>The cybercrime group behind this service (also tracked by Microsoft as Storm-2246) has stolen at least 5,000 Microsoft credentials from 94 countries since at least July 2024, using RaccoonO365 phishing kits that bundled CAPTCHA pages and anti-bot techniques to appear legitimate and evade analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft and Cloudflare have disrupted a massive Phishing-as-a-Service (PhaaS) operation, known as RaccoonO365, that helped cybercriminals steal thousands of Microsoft 365 credentials. In early September 2025, in coordination with Cloudflare\u2019s Cloudforce One and Trust and Safety teams, Microsoft\u2019s Digital Crimes Unit (DCU) disrupted the cybercrime operation by seizing 338 websites and Worker accounts linked to [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,6],"tags":[],"class_list":["post-222061","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-robotics-ai"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/222061","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=222061"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/222061\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=222061"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=222061"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=222061"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}