{"id":101683,"date":"2025-09-18T10:47:58","date_gmt":"2025-09-18T06:47:58","guid":{"rendered":"https:\/\/techxmedia.com\/en\/?p=101683"},"modified":"2025-09-18T10:47:58","modified_gmt":"2025-09-18T06:47:58","slug":"cloudflare-microsoft-disrupt-major-phishing-attacks","status":"publish","type":"post","link":"https:\/\/techxmedia.com\/en\/cloudflare-microsoft-disrupt-major-phishing-attacks\/","title":{"rendered":"Cloudflare, Microsoft Disrupt Major Phishing Attacks"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Cloudflare\">Cloudflare<\/a>, in partnership with Microsoft, announced the successful disruption of phishing attacks by the phishing-as-a-service (PhaaS) group known as RaccoonO365.<\/p>\n\n\n\n<p>The RaccoonO365 group reportedly abused Cloudflare services and other infrastructure providers to hide its phishing kits. The campaign targeted Microsoft 365 users through phishing kits designed to steal login credentials.<\/p>\n\n\n\n<p>The phishing kits used simple CAPTCHA pages and anti-bot techniques to evade detection and appear legitimate to victims. The stolen data included Microsoft 365 credentials, cookies, and files from OneDrive, SharePoint, and email. These were later used for financial fraud, extortion, or as entry points for larger <a href=\"https:\/\/techxmedia.com\/en\/?s=cyberattacks\">cyberattacks<\/a>.<\/p>\n\n\n\n<p>Cloudflare revealed that in early September 2025, it executed a coordinated takedown of hundreds of domains and Worker accounts linked to RaccoonO365. The action dismantled the group\u2019s infrastructure and aimed to raise their operational costs significantly.<\/p>\n\n\n\n<p>The move was part of a wider campaign coordinated with Microsoft, which had filed a civil lawsuit against the group in August 2025. Cloudflare\u2019s approach marked a shift from reactive, single-domain takedowns to large-scale proactive disruption.<\/p>\n\n\n\n<p>RaccoonO365 operated as a subscription-based service that allowed cybercriminals to run phishing campaigns. Microsoft reported that since July 2024, the group\u2019s kits stole at least 5,000 Microsoft 365 credentials across 94 countries.<\/p>\n\n\n\n<p>The group sold access to its \u201cRaccoonO365 Suite\u201d through a private Telegram channel with 845 members. Subscriptions included:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>30-day plans for $355<\/li>\n\n\n\n<li>90-day plans for $999<\/li>\n<\/ul>\n\n\n\n<p>Payments were accepted in cryptocurrency, including USDT (TRC20, BEP20, Polygon) and Bitcoin.<\/p>\n\n\n\n<p>Cloudflare\u2019s Trust &amp; Safety team mapped the actor\u2019s entire infrastructure using signup patterns before the takedown. The company banned all identified domains, placed phishing warning pages, terminated Worker scripts, and suspended related accounts.<\/p>\n\n\n\n<p>Cloudflare stated that this coordinated action, supported by Microsoft and U.S. law enforcement, is intended to permanently disrupt the group\u2019s phishing attacks and prevent re-registration.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cloudflare, in partnership with Microsoft, announced the successful disruption of [&hellip;]<\/p>\n","protected":false},"author":58,"featured_media":101685,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1595,9621],"tags":[1051],"contributor":[9732],"class_list":["post-101683","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-emerging-technologies","tag-vendors","contributor-news-desk"],"featured_image_src":"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2025\/09\/Cloudflare.jpg","author_info":{"display_name":"Lubna","author_link":"https:\/\/techxmedia.com\/en\/author\/lubna\/"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/101683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/users\/58"}],"replies":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/comments?post=101683"}],"version-history":[{"count":1,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/101683\/revisions"}],"predecessor-version":[{"id":101684,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/101683\/revisions\/101684"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media\/101685"}],"wp:attachment":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media?parent=101683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/categories?post=101683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/tags?post=101683"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/contributor?post=101683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}