Okitipi Samuel-RaccoonO365-Moses Felix alliance reshapes ransomware ecosystem operations
Threat Actor Meta
Summary
Hide ▲
Show ▼
The Raccoon0365 phishing platform functioned as a phishing-kit service sold to other criminals, expanding Microsoft 365 credential theft and account-compromise capacity across 94 countries. That service model matters because it turns a phishing operation into reusable cybercrime infrastructure rather than a one-off scam.
Related Happenings
Pink new extortion brand within The Com
Threat Actor Meta
H score30
First: 08.07.2026 19:47
Last: 08.07.2026 19:47
Sources 1
About this happening:
A new **Pink** extortion brand has emerged within **The Com**, signaling a more decentralized criminal ecosystem that can scale credential theft and data extortion across multiple...
Pink new extortion brand within The Com
Threat Actor MetaAbout this happening: A new **Pink** extortion brand has emerged within **The Com**, signaling a more decentralized criminal ecosystem that can scale credential theft and data extortion across multiple...
O-UNC-066 / Pink Microsoft Entra passkey vishing campaign
Campaign
H score37
First: 08.07.2026 19:47
Last: 08.07.2026 19:47
Sources 1
About this happening:
The **O-UNC-066 / Pink** operation is using **voice-based phishing** to push **Microsoft 365** users into enrolling attacker-controlled **Entra passkeys**, creating a direct path...
O-UNC-066 / Pink Microsoft Entra passkey vishing campaign
CampaignAbout this happening: The **O-UNC-066 / Pink** operation is using **voice-based phishing** to push **Microsoft 365** users into enrolling attacker-controlled **Entra passkeys**, creating a direct path...
DCloud Uni-App scam website campaign
Campaign
H score70
First: 29.06.2026 14:57
Last: 29.06.2026 14:57
Sources 1
About this happening:
The **DCloud Uni-App** scam-site campaign has grown into a **236,493-domain** fraud network that steals credentials, drains crypto wallets, and impersonates major brands. The site...
DCloud Uni-App scam website campaign
CampaignAbout this happening: The **DCloud Uni-App** scam-site campaign has grown into a **236,493-domain** fraud network that steals credentials, drains crypto wallets, and impersonates major brands. The site...
Outsider Telegram-run smishing campaign targeting Americans
Campaign
H score53
First: 12.06.2026 21:59
Last: 12.06.2026 21:59
Sources 1
About this happening:
The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...
Outsider Telegram-run smishing campaign targeting Americans
CampaignAbout this happening: The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...
Latest development: 14.06.2026 17:36
The FBI, working with Google and Black Lotus Labs, dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation that used AI and distributed phishing kits to impersonate trusted brands in texts sent through AT&T, T-Mobile and Verizon. The takedown included seizures of administration servers, a Shopify e-commerce storefront, a testing account, around $100,000 USDT and a Telegram bot linked to the service, while Google pursued civil action and coordinated with carriers to block fraudulent messages.
Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations
Threat Actor Meta
H score69
First: 12.06.2026 21:59
Last: 12.06.2026 21:59
Sources 1
About this happening:
The **Outsider Enterprise** is a **Chinese phishing-as-a-service** operation that used **Telegram**, **AI**, and distributed phishing kits to run large-scale brand-impersonation c...
Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations
Threat Actor MetaAbout this happening: The **Outsider Enterprise** is a **Chinese phishing-as-a-service** operation that used **Telegram**, **AI**, and distributed phishing kits to run large-scale brand-impersonation c...
Timeline
-
19.12.2025 21:05 2 articles · 6mo ago
Nigeria arrests three suspects linked to Raccoon0365
Initial DisclosureThe Nigeria Police Force National Cybercrime Centre (NPF–NCCC) arrested three suspects linked to targeted Microsoft 365 cyberattacks through the Raccoon0365 phishing platform after intelligence from Microsoft was shared via the FBI. Officers deployed to Lagos and Edo States, recovered laptops, mobile devices, and other digital equipment, and police identified Okitipi Samuel, also known as RaccoonO365 and Moses Felix, as the suspected developer of the phishing toolkit that automated fake Microsoft login pages for credential theft.
Show sources
- Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform — www.bleepingcomputer.com — 19.12.2025 21:05
- Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform — www.bleepingcomputer.com — 19.12.2025 21:05