Nigerian law enforcement has arrested three individuals linked to targeted Microsoft 365 cyberattacks conducted through the Raccoon0365 phishing platform, authorities announced.
The suspects are accused of administering Raccoon0365, a phishing toolkit designed to automate the creation of fake Microsoft login pages used to steal credentials. The phishing service was linked to business email compromise, data breaches, and financial losses affecting organizations worldwide.
According to investigators, Raccoon0365 was responsible for at least 5,000 compromised Microsoft 365 accounts across 94 countries before it was disrupted by Microsoft and Cloudflare last September.
During searches of the suspects’ residences the police seized laptops, mobile phones, and other digital devices.
One of the arrested was identified as Okitipi Samuel, also known online as “RaccoonO365” and “Moses Felix.” Police believe Samuel developed the Raccoon0365 platform and operated a Telegram channel where phishing kits were sold to cybercriminals in exchange for cryptocurrency. Investigators say he also hosted phishing pages on Cloudflare using accounts created with compromised credentials.
The Telegram channel reportedly had more than 800 members, with access fees ranging from $355 per month to $999 for three months. Cloudflare has previously estimated that the service was primarily used by Russia-based cybercriminals.
Police said that, so far, there is no evidence directly linking the other two suspects to the creation or operation of Raccoon0365. Previously, Microsoft identified an individual named Joshua Ogundipe as the leader of the phishing service, however, this name was not mentioned in the Nigeria’s police report.