It turns out you don’t need to be a tech genius to run a cybercrime empire anymore. That’s the lesson behind “Raccoon0365,” a Nigeria-based phishing service that Microsoft has just taken offline after it helped compromise more than 5,000 Microsoft accounts across the United States and beyond.
For months, the group quietly operated a sort of “cybercrime-as-a-service” platform from Nigeria, providing ready-made phishing tools for anyone willing to pay. Think of it like an illegal SaaS product: plug in a few details, press send, and thousands of scam emails go flying out. Behind the scenes, unsuspecting users clicked links, entered their credentials on fake Microsoft pages, and watched their data slip into the wrong hands.
At the heart of it all was Raccoon0365, which had built up a Telegram channel with more than 850 subscribers. Its playbook was simple but devastatingly effective: impersonate trusted brands, trick users into typing their Microsoft login details on cloned websites, and then sell access. Since launching in July 2024, the operation reportedly raked in at least $100,000 in cryptocurrency.
The scale of the attacks raised eyebrows. According to Microsoft’s Steven Masada, assistant general counsel for the company’s Digital Crimes Unit, the syndicate went after industries ranging from finance to healthcare, with a heavy concentration of victims in New York City. In one campaign alone, Raccoon0365 blasted out tax-themed phishing emails to more than 2,300 organizations.
Microsoft didn’t just sit back. With support from the US Secret Service and cloud giant Cloudflare, the company tracked the phishing service’s infrastructure and secured a Manhattan court order earlier this month to seize 338 domains linked to Raccoon0365. Those takedowns unfolded over several days, essentially dismantling the service’s online base of operations.
“Cybercriminals don’t need to be sophisticated to cause widespread harm,” Masada explained. “Tools like Raccoon0365 make cybercrime accessible to virtually anyone, putting millions of users at risk.”
Cloudflare’s head of threat intelligence, Blake Darche, echoed that sentiment. While the Nigerian operators made a few mistakes in covering their tracks, he said, their overall effectiveness was alarming: “They’re in people’s accounts, they compromise lots of people, and it needs to obviously be stopped.”
The case underscores a bigger trend: Nigeria’s cybercrime ecosystem is evolving beyond “Yahoo Yahoo” email scams into structured, subscription-style services. With platforms like Raccoon0365 lowering the barrier to entry, cybercrime is no longer just the domain of specialists; it’s a business, with customer support, updates, and even community groups on encrypted channels.
For now, Microsoft’s legal win has disrupted Raccoon0365. But the real question is how long it will take before another service pops up to fill its place. In the cat-and-mouse world of cybercrime, takedowns rarely end the story; they just force the players to change names, tactics, or channels.
