Microsoft Cracks Down on Global Phishing Scam, Seizes 338 Sites

Microsoft’s Digital Crimes Unit (DCU) has recently made a significant move by obtaining a court order to seize 338 websites associated with the RaccoonO365 phishing service, a subscription-based platform that facilitated the theft of Office 365 credentials.

The Digital Crimes Unit

Formed by Microsoft to combat cybercrime, the DCU is an international team composed of lawyers, engineers, analysts, and intelligence experts. Its mission is to track down malicious infrastructure by technical means and take legal action against it, leveraging both private and public partnerships.

This approach is not new: in May 2025, Microsoft conducted a major operation against the “Lumma Stealer,” an information-stealing malware, by coordinating domain takeovers and interventions with Europol, the US Department of Justice, and other entities to dismantle the network’s infrastructure. The Lumma case demonstrated a similar strategy: technical identification, legal action, and international collaboration.

RaccoonO365: The Operation by the Numbers

According to Microsoft’s blog post and federal court filings, RaccoonO365 has facilitated the theft of at least 5,000 Microsoft credentials across 94 countries since July 2024. The platform was marketed through a Telegram channel with about 850 members and generated at least $100,000 in cryptocurrency payments. Under a federal court order from Manhattan, the DCU was able to seize 338 sites linked to the service to dismantle the network’s technical infrastructure. The goal was to simultaneously target the infrastructure and financial resources.

RaccoonO365 operated as a Phishing-as-a-Service (PhaaS) with an admin panel, templates mimicking Microsoft pages, email sending tools, and automation to circumvent certain protections. For a $350 monthly subscription, a novice user could mass-produce fake login pages and target email lists on both macOS and Windows. The RaccoonO365 administrators also engaged in marketing with feature lists, benefits, and even discounted prices for longer subscriptions.

The consequences of a compromised Microsoft 365 account, on both Mac and PC, are significant and varied. Examples include reading and spoofing emails, accessing OneDrive/SharePoint, resetting access to other linked services, identity theft for committing fraud, and use of the account as a launching pad for spreading malware and ransomware campaigns.

Stay Cautious and Well-Equipped

The DCU’s action demonstrates that it is possible to disrupt organized criminal services, but it does not eliminate the evolving threat.

For both individuals and businesses, the rule remains the same: be vigilant about the links you receive; use strong authentication (MFA), unique passwords, and a password manager; and ensure that you are using security software that is regularly updated (antivirus/antimalware and anti-spam filters with new signatures and rules).

Microsoft emphasizes these best practices in its statements.
