Authorities in Nigeria have announced the arrest of three “high-profile internet fraud suspects” who are alleged to have been involved in phishing attacks targeting major corporations, including the main developer behind the RaccoonO365 phishing-as-a-service (PhaaS) scheme.
The Nigeria Police Force National Cybercrime Centre (NPF–NCCC) said investigations conducted in collaboration with Microsoft and the Federal Bureau of Investigation (FBI) led to the identification of Okitipi Samuel, also known as Moses Felix, as the principal suspect and developer of the phishing infrastructure.
“Investigations reveal that he operated a Telegram channel through which phishing links were bought in exchange for cryptocurrency and hosted fraudulent login portals on Cloudflare using stolen or fraudulently obtained email credentials,” the NPF said in a post shared on social media.
In addition, laptops, mobile devices, and other digital equipment linked to the operation have been seized following search operations conducted at their residences. The two other arrested individuals have no connection to the creation or operation of the PhaaS service, per the NPF. The arrests were carried out following raids in Lagos and Edo states.

RaccoonO365 is the name assigned to a financially motivated threat group behind a PhaaS toolkit that enables bad actors to conduct credential harvesting attacks by serving phishing pages mimicking Microsoft 365 login pages. Microsoft is tracking the threat actor under the moniker Storm-2246.
Back in September 2025, the tech giant said it worked with Cloudflare to seize 338 domains used by RaccoonO365. The phishing infrastructure attributed to the toolkit is estimated to have led to the theft of at least 5,000 Microsoft credentials from 94 countries since July 2024.
The NPF said RaccoonO365 was used to set up fraudulent Microsoft login portals aimed at stealing user credentials and using them to gain unlawful access to the email platforms of corporate, financial, and educational institutions. The joint probe has uncovered multiple incidents of unauthorized Microsoft 365 account access between January and September 2025 that originated from phishing messages crafted to mimic legitimate Microsoft authentication pages.
These activities led to business email compromise, data breaches, and financial losses across multiple jurisdictions, the NPF added.
A civil lawsuit filed by Microsoft and Health-ISAC in September has accused defendants Joshua Ogundipe and four other John Does of hosting a cybercriminal operation by “promoting, distributing, buying, and implementing” the phishing kit to facilitate sophisticated spear-phishing and siphon sensitive information.
The stolen data is then used to fuel more cybercrimes, including business email compromise, financial fraud, and ransomware attacks, as well as to commit intellectual property violations, the lawsuit alleged.

The lawsuit also identified Ogundipe as the mastermind behind the operation. His current whereabouts are unclear. When reached for comment, a Microsoft spokesperson told The Hacker News that investigations are ongoing.
The development comes as Google filed a lawsuit against the operators of the Darcula PhaaS service, naming Chinese national Yucheng Chang as the group’s leader along with 24 other members. The company is seeking a court order to seize the group’s server infrastructure that has been behind a massive smishing wave impersonating U.S. government entities.
Darcula and associates are estimated to have stolen nearly 900,000 credit card numbers, including nearly 40,000 from Americans, according to an investigation from the Norwegian Broadcasting Corporation (NRK) and cybersecurity company Mnemonic. The Chinese-language phishing kit first emerged in July 2023.
News of the lawsuit was first reported by NBC News on December 17, 2025. The development comes a little over a month after Google also sued China-based hackers associated with another PhaaS service known as Lighthouse that is believed to have impacted over 1 million users across 120 countries.

