Microsoft has seized nearly 340 websites linked to a rapidly growing Nigerian-based service that allowed users to carry out phishing operations that stole at least 5,000 Microsoft user credentials.

Steven Masada, assistant general counsel for Microsoft’s Digital Crimes Unit said that Microsoft earlier obtained an order from the U.S. District Court to seize domains associated with Raccoon0365, the subscription service that allowed users to carry out massive phishing campaigns, which sometimes involved thousands of emails at a time.

Raccoon0365’s service operates through a private Telegram channel with more than 850 subscribers. It enables users to impersonate trusted brands and get targets to enter Microsoft login credentials on phony Microsoft login pages, Masada said in a blog posted on Microsoft's website.

The service has generated for its small group of operators at least $100,000 in cryptocurrency payments since launching in July 2024, Masada said in the blog.

Microsoft said the seizure of the websites occurred over a period of days earlier this month.

Microsoft identified Nigeria-based Joshua Ogundipe as the leader and main operator of Raccoon0365.

“Cybercriminals don’t need to be sophisticated to cause widespread harm,” Masada said. “Simple tools like Raccoon0365 make cybercrime accessible to virtually anyone, putting millions of users at risk.”

Raccoon0365 subscribers have targeted a wide swath of industries, Masada said, and separate court filings allege that "a significant portion" of Raccoon0365 activity targets organizations based in New York City.