RACCOONO365 PaaS

RACCOONO365 PaaS image
You are here:
  1. Home
  2. Threat Advisory
  3. RACCOONO365 PaaS

OVERVIEW

RaccoonO365 is a phishing-as-a-service platform active since September 2024, using malicious PDFs with lnk[.]ie links to steal Microsoft 365 credentials and MFA codes through realistic login pages. Stolen data is exfiltrated via attacker-controlled infrastructure using adversary-in-the-middle techniques. The service has expanded with tools like the Postman mailer, which abuses compromised accounts for phishing, and a lead extractor to harvest more victims. Campaigns mainly target IT staff in global supply chains. Despite takedowns, affiliates maintain resilient infrastructure, making ongoing awareness, IOC monitoring, and strict account hygiene critical.

AFFECTED SYSTEMS

  • Microsoft 365 accounts – primary target for credential and MFA theft.
  • Azure infrastructure – abused through compromised accounts for phishing delivery.
  • Email ecosystems – compromised or spoofed accounts used to distribute phishing.
  • Industrial supply chain organizations – particularly…..

Read Full Report Here!

Download the Report

Date

Share

Previous Reports

F5 NGINX MP4 Module Vulnerability Enabling Potential DoS and RCE

F5 NGINX MP4 Module Vulnerability Enabling Potential DoS and RCE

Mirai Botnet Threat Evolution of DDoS Capabilities and IoT Exploitation

Mirai Botnet Threat: Evolution of DDoS Capabilities and IoT Exploitation

ICE Cloud Malware Campaign Targeting Exposed MS-SQL Servers

ICE Cloud Malware Campaign Targeting Exposed MS-SQL Servers