Microsoft has commenced legal action against RaccoonO365, the fastest-growing tool used by cybercriminals to steal Microsoft 365 usernames and passwords (“credentials”). This case shows that cybercriminals don’t need to be sophisticated to cause widespread harm – simple tools like RaccoonO365 make cybercrime accessible to virtually anyone, putting millions of users at risk.
Using a court order granted by the Southern District of New York, the DCU seized 338 websites associated with the popular service, disrupting the operation’s technical infrastructure and cutting off criminals’ access to victims. To date, RaccoonO365’s services have been used to steal approximately 5,000 Microsoft credentials across 94 countries, including approximately 420 victims in Australia.
While not all stolen credentials result in compromised networks or fraud due to the variety of security features employed to remediate threats, these numbers underscore the scale of the threat and how social engineering remains an effective tactic for cybercriminals.
