The Nigerian authorities have taken action against three individuals implicated in cyberattacks targeting Microsoft 365 through the Raccoon0365 phishing platform.

These malicious attacks resulted in business email compromises, data breaches, and considerable financial losses for organizations globally.

This enforcement action was made possible due to intelligence provided by Microsoft to the Nigeria Police Force’s National Cybercrime Centre (NPF–NCCC), facilitated by the FBI.

The authorities pinpointed those behind the ‘Raccoon0365’ phishing toolkit, a service designed to automate fake Microsoft login page generation for the purpose of credential theft.

This platform is believed to have compromised at least 5,000 Microsoft 365 accounts across 94 nations and was shut down by Microsoft and Cloudflare last September.

It remains uncertain whether this disruption led to the identification of the perpetrators in Nigeria.

BleepingComputer reached out to Microsoft for further details, but there was no immediate response.

According to an official announcement from the police, “Based on actionable and precise intelligence, NPF–NCCC operatives were dispatched to Lagos and Edo States, which resulted in the apprehension of three suspects.” .

During searches of their residences, authorities recovered laptops, mobile devices, and other digital equipment tied to the fraudulent activities following forensic analysis.

Among the arrested is an individual identified as Okitipi Samuel, also known as “RaccoonO365” and “Moses Felix,” who the police suspect is the developer of this phishing platform.

Samuel is reported to have run a Telegram channel where he sold phishing kits to other criminals in exchange for cryptocurrency, while hosting phishing pages on Cloudflare using accounts created with stolen credentials.

At the time of the service’s disruption, his Telegram channel had over 800 members, with access fees ranging from $355/month to $999/three months.

Cloudflare estimates that the Raccoon0365 service is predominantly utilized by cybercriminals based in Russia.

As for the other two arrested individuals, the police stated there is currently no evidence linking them to the operation or development of the Raccoon0365 platform.

Interestingly, Joshua Ogundipe, previously identified by Microsoft as the head of the phishing service, is not mentioned in the police announcement.

Broken IAM isn’t just an IT problem – the impact ripples across your whole business.

This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what “good” IAM looks like, and a simple checklist for building a scalable strategy.

Get the guide