Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Okitipi Samuel-RaccoonO365-Moses Felix alliance reshapes ransomware ecosystem operations

Threat Actor Meta
First reported
Last updated
Happening score
H score 35
1 unique sources, 1 articles

Summary

Hide ▲

The Raccoon0365 phishing platform functioned as a phishing-kit service sold to other criminals, expanding Microsoft 365 credential theft and account-compromise capacity across 94 countries. That service model matters because it turns a phishing operation into reusable cybercrime infrastructure rather than a one-off scam.

Related Happenings

Kali365 Microsoft 365 device-code phishing campaign

Campaign
First: 25.05.2026 15:45 Last: 25.05.2026 15:45 Sources 1

About this happening: A **Kali365** phishing campaign is targeting **Microsoft 365** environments worldwide with **device-code login lures**, putting accounts at risk of **token theft** and **MFA bypas...

Open Happening

CypherLoc phishing-led browser scareware campaign

Campaign
First: 20.05.2026 13:00 Last: 20.05.2026 13:00 Sources 1

About this happening: The **CypherLoc** operation has driven **around 2.8 million attacks** since the start of **2026**, using **phishing emails** to send users to malicious pages that lock browsers an...

Open Happening

Storm-2949 Microsoft 365 and Azure data-theft campaign

Campaign
First: 19.05.2026 22:35 Last: 19.05.2026 22:35 Sources 1

About this happening: The **Storm-2949** campaign is targeting **Microsoft 365 and Azure production environments** to steal sensitive data, increasing the risk of privileged-account takeover and cloud...

Open Happening

Microsoft civil action against Fox Tempest infrastructure takedown

Regulatory/Legal Action
First: 19.05.2026 18:00 Last: 19.05.2026 18:00 Sources 1

About this happening: Microsoft filed a **civil action** against **Fox Tempest** in the **US District Court for the Southern District of New York**, securing a **court order** that enabled a broad disr...

Open Happening

EvilTokens Microsoft 365 consent phishing campaign

Campaign
First: 19.05.2026 14:30 Last: 19.05.2026 14:30 Sources 1

About this happening: The **EvilTokens** campaign rapidly compromised **more than 340 Microsoft 365 organizations** across **five countries**, showing how **OAuth grant abuse** can bypass **MFA** and c...

Open Happening

Timeline

  1. 19.12.2025 21:05 2 articles · 5mo ago

    Nigeria arrests three suspects linked to Raccoon0365

    Initial Disclosure

    The Nigeria Police Force National Cybercrime Centre (NPF–NCCC) arrested three suspects linked to targeted Microsoft 365 cyberattacks through the Raccoon0365 phishing platform after intelligence from Microsoft was shared via the FBI. Officers deployed to Lagos and Edo States, recovered laptops, mobile devices, and other digital equipment, and police identified Okitipi Samuel, also known as RaccoonO365 and Moses Felix, as the suspected developer of the phishing toolkit that automated fake Microsoft login pages for credential theft.

    Show sources
    Open in new tab