Microsoft, Cloudflare Unmask RaccoonO365 Ringleader

Microsoft and Cloudflare have taken coordinated action to dismantle a phishing campaign known as RaccoonO365, disabling malicious domains used to harvest credentials. In a joint effort described as part of their broader counter-cybercrime strategy, Microsoft Cloudflare unmask RaccoonO365 by identifying the infrastructure supporting the operation and neutralizing its reach.

According to Microsoft, the threat actor behind RaccoonO365 managed to steal login credentials from more than 5,000 victims. Investigators estimate the illicit campaign generated over $100,000 before it was disrupted. Microsoft Cloudflare unmasked RaccoonO365 by tracking patterns in domain behavior linked to fraudulent Office 365 login pages.

The takedown reflects increasing collaboration between technology providers in response to persistent phishing threats. While the operation has been disrupted, Microsoft continues to monitor for signs of resurgence. The company has also named an alleged operator behind the illegal scheme.

Read the full story at:
https://www.theregister.com/2025/09/16/microsoft_cloudflare_shut_down_raccoono365/