"Investigators from Microsoft's Digital Crimes Unit (DCU) have disrupted the network behind the dangerous RaccoonO365 infostealer malware that targeted the usernames and credentials of Office 365 users after being granted a court order in the Southern District of New York. The operation saw a total of 338 websites linked to the popular malware seized and its technical infrastructure disrupted, severing RaccoonO365 users' access to their victims."
"Since July 2024, RaccoonO365's kits have been used to steal at least 5,000 Microsoft credentials from 94 countries. While not all stolen information results in compromised networks or fraud due to the variety of security features employed to remediate threats, these numbers underscore the scale of the threat and how social engineering remains a go-to tactic for cyber criminals. More broadly, the rapid development, marketing and accessibility of services such as RaccoonO365 indicate that we are entering a troubling new phase of cyber crime where scams and threats are likely to multiply exponentially."
Microsoft's Digital Crimes Unit obtained a court order to seize and disrupt 338 websites tied to the RaccoonO365 infostealer, cutting off operators and users from stolen Office 365 credentials. RaccoonO365 operated as a subscription-based phishing kit that used Microsoft branding to craft realistic emails, attachments and websites to harvest logins. Since July 2024 the kits captured at least 5,000 Microsoft credentials across 94 countries. The service evolved rapidly with frequent upgrades, allowed targeting of up to 9,000 email addresses daily, and included features to help circumvent multi-factor authentication, amplifying social-engineering-driven risk.
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]