Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

RaccoonO365 Microsoft 365 credential-harvesting phishing campaign

Campaign
First reported
Last updated
Happening score
H score 34
2 unique sources, 2 articles

Summary

Hide ▲

The RaccoonO365 phishing operation drove repeated Microsoft 365 account compromises and created follow-on risk of business email compromise across corporate, financial, and educational institutions. Investigators tied the activity to phishing messages that mimicked legitimate Microsoft authentication pages and to fraudulent login portals used to steal credentials. The operation mattered because it turned stolen access into broader fraud and breach exposure across 94 countries.

Related Happenings

Kali365 Microsoft 365 device-code phishing campaign

Campaign
First: 25.05.2026 15:45 Last: 25.05.2026 15:45 Sources 1

About this happening: A **Kali365** phishing campaign is targeting **Microsoft 365** environments worldwide with **device-code login lures**, putting accounts at risk of **token theft** and **MFA bypas...

Open Happening

Storm-2949 Microsoft 365 and Azure data-theft campaign

Campaign
First: 19.05.2026 22:35 Last: 19.05.2026 22:35 Sources 1

About this happening: The **Storm-2949** campaign is targeting **Microsoft 365 and Azure production environments** to steal sensitive data, increasing the risk of privileged-account takeover and cloud...

Open Happening

Microsoft civil action against Fox Tempest infrastructure takedown

Regulatory/Legal Action
First: 19.05.2026 18:00 Last: 19.05.2026 18:00 Sources 1

About this happening: Microsoft filed a **civil action** against **Fox Tempest** in the **US District Court for the Southern District of New York**, securing a **court order** that enabled a broad disr...

Open Happening

Code of conduct-themed Microsoft AiTM phishing campaign

Campaign
First: 05.05.2026 09:35 Last: 05.05.2026 09:35 Sources 1

About this happening: A **large-scale phishing campaign** used code of conduct-themed lures and **legitimate email services** to push victims to attacker-controlled domains and steal **authentication t...

Open Happening

Scattered Spider 2022 SMS phishing campaign targeting technology companies

Campaign
First: 21.04.2026 17:53 Last: 21.04.2026 17:53 Sources 1

About this happening: Tyler Robert Buchanan’s guilty plea newly confirms **Scattered Spider**’s **2022 SMS phishing campaign**, showing it reached **at least a dozen major technology companies** and en...

Open Happening

Timeline

  1. 19.12.2025 21:05 1 articles · 5mo ago

    Nigeria arrests three suspects tied to Raccoon0365

    Legal Policy Action Update

    Nigeria Police Force National Cybercrime Centre (NPF–NCCC) arrested three suspects linked to Raccoon0365, including Okitipi Samuel, also known as RaccoonO365 and Moses Felix, whom police believe developed the phishing platform used for Microsoft 365 credential theft. The operation used Microsoft intelligence shared via the FBI, and forensic analysis linked recovered laptops, mobile devices, and other digital equipment to the fraudulent scheme.

    Show sources
    Open in new tab
  2. 19.12.2025 12:26 1 articles · 5mo ago

    RaccoonO365 Microsoft 365 credential-harvesting phishing campaign

    Initial Disclosure

    Between **January and September 2025**, RaccoonO365 used phishing messages that imitated Microsoft authentication pages to trigger unauthorized **Microsoft 365** access across multiple sectors.

    Show sources
    Open in new tab