Microsoft has successfully disrupted a sophisticated cybercrime operation, RaccoonO365, based in Nigeria. This phishing-as-a-service (PhaaS) platform generated over $100,000 by developing and leasing deceptive Microsoft 365 login pages to a global network of scammers. Since its inception in July 2024, RaccoonO365 facilitated the theft of login credentials through meticulously crafted phishing emails, malicious QR codes, and attachments that mimicked legitimate Microsoft branding and websites.

In a coordinated effort, Microsoft's Digital Crimes Unit (DCU), in collaboration with cybersecurity firm Cloudflare, undertook significant legal and technical action. This operation resulted in the seizure of 338 websites that were integral to RaccoonO365's activities. These sites were designed to perfectly replicate Microsoft login interfaces, making them highly effective in deceiving users.

The impact of RaccoonO365 was substantial, with more than 5,000 login credentials stolen from users across 94 countries. The compromised information was likely monetized through sales on dark web forums or utilized in subsequent fraudulent schemes, such as business email compromise (BEC), a particularly prevalent form of fraud in West Africa.

RaccoonO365 operated by advertising its phishing tools via an exclusive, invite-only Telegram channel that boasted over 850 members. The platform reportedly catered to between 100 and 200 active subscribers who paid for access to its comprehensive phishing kits. These kits were remarkably user-friendly, enabling subscribers to select specific targets, dispatch phishing links, and even monitor login attempts, effectively lowering the technical barrier for individuals wishing to engage in cybercrime.

While Microsoft's disruption is a significant victory for cybersecurity, experts caution that it likely represents only a temporary setback for the broader PhaaS ecosystem. This case further highlights a concerning trend of phishing attacks specifically targeting Nigerian tech startups, especially those managing sensitive HR and financial data. The incident underscores the critical need for enhanced cyber awareness in Nigeria, particularly given the country's gradual expansion of cloud infrastructure.

The broader context reveals a surge in cybercrime across Africa. The Nigerian Computer Emergency Response Team (ngCERT) has warned that cloud service providers based in Nigeria are susceptible to Phobos ransomware attacks. Scam notifications have seen an alarming increase of nearly 3,000% in key African nations like Zambia, Egypt, and Kenya, with phishing being the predominant method. For African businesses, particularly Small and Medium-sized Enterprises (SMEs) that rely heavily on Microsoft products, prioritizing cybersecurity is paramount as phishing operations become increasingly accessible and harder to detect.