Microsoft seizes hundreds of phishing sites tied to massive credential theft operation | CyberScoop<\/title> <meta name=\"description\" content=\"The company acted on a court order and collaborated with Cloudflare to seize RaccoonO365\u2019s infrastructure, which was used to steal credentials from organizations in 94 countries.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-seizes-phishing-sites-raccoono365\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft seizes hundreds of phishing sites tied to massive credential theft operation\"> <meta property=\"og:description\" content=\"The company acted on a court order and collaborated with Cloudflare to seize RaccoonO365\u2019s infrastructure, which was used to steal credentials from organizations in 94 countries.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-seizes-phishing-sites-raccoono365\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-09-16T21:55:22+00:00\"> <meta property=\"article:modified_time\" content=\"2025-09-16T21:55:25+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/microsoft-seizes-hundreds-of-phishing-sites-tied-to-massive-credential-theft-operation-1.png\"> <meta property=\"og:image:width\" content=\"603\"> <meta property=\"og:image:height\" content=\"451\"> <meta property=\"og:image:type\" content=\"image\/png\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1754500264g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1758026437g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/86011\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=86011\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-seizes-phishing-sites-raccoono365%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-seizes-phishing-sites-raccoono365%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-86011 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-seizes-phishing-sites-raccoono365\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.981132075472\">\n<div class=\"single-article__header-content\" readability=\"35.408602150538\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/microsoft-seizes-phishing-sites-raccoono365\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The company acted on a court order and collaborated with Cloudflare to seize RaccoonO365\u2019s infrastructure, which was used to steal credentials from organizations in 94 countries. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/86011\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"603\" height=\"451\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/microsoft-seizes-hundreds-of-phishing-sites-tied-to-massive-credential-theft-operation.png?resize=603%2C451&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"RaccoonO365 login page (Credit: Microsoft's Digital Crimes Unit)\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/microsoft-seizes-hundreds-of-phishing-sites-tied-to-massive-credential-theft-operation-1.png 603w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/microsoft-seizes-hundreds-of-phishing-sites-tied-to-massive-credential-theft-operation-1.png?resize=300,224 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/microsoft-seizes-hundreds-of-phishing-sites-tied-to-massive-credential-theft-operation-1.png?resize=600,449 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/microsoft-seizes-hundreds-of-phishing-sites-tied-to-massive-credential-theft-operation-1.png?resize=225,168 225w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/microsoft-seizes-hundreds-of-phishing-sites-tied-to-massive-credential-theft-operation-1.png?resize=451,337 451w\" sizes=\"(max-width: 603px) 100vw, 603px\"><figcaption> RaccoonO365 login page (Credit: Microsoft’s Digital Crimes Unit) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"51.189483912762\"><body readability=\"104.89175383118\"><\/p>\n<p>Microsoft\u2019s Digital Crimes Unit coordinated the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that developed and sold phishing kits that have been used to steal more than 5,000 Microsoft credentials since July 2024, the company said Tuesday. <\/p>\n<p>The threat group, which Microsoft tracks as Storm-2246, enabled cybercriminals to steal credentials from organizations spanning 94 countries, making it the \u201cfastest-growing tool used by cybercriminals to steal Microsoft 365 usernames and passwords,\u201d Steven Masada, assistant general counsel at Microsoft\u2019s DCU said in a <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2025\/09\/16\/microsoft-seizes-338-websites-to-disrupt-rapidly-growing-raccoono365-phishing-service\/\">blog post<\/a>. <\/p>\n<p>RaccoonO365 services were used indiscriminately to target more than 2,300 U.S. organizations in a <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/04\/03\/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns\/\">tax-themed phishing campaign<\/a> earlier this year. Its kits, which use Microsoft branding for fraudulent emails, attachments and websites, have also been used against at least 20 U.S. health care organizations, according to Microsoft. <\/p>\n<p>\u201cThe rapid development, marketing, and accessibility of services like RaccoonO365 indicate that we are entering a troubling new phase of cybercrime where scams and threats are likely to multiply exponentially,\u201d Masada said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Microsoft, acting on a court order granted by the U.S. District Court for the Southern District of New York, worked with Cloudflare to seize and take down RaccoonO365\u2019s infrastructure. The company also worked with Chainalysis to trace the threat group\u2019s cryptocurrency transactions, allowing it to attribute malicious online activity to real identities.<\/p>\n<p>Microsoft accuses <a href=\"https:\/\/www.linkedin.com\/in\/joshua-ogundipe-292688261\/\">Joshua Ogundipe<\/a> of Nigeria of running the criminal enterprise, which sold phishing kits to a community base of more than 850 members on Telegram. Ogundipe and his associates have received at least $100,000 in cryptocurrency payments, reflecting an estimate of up to 200 subscriptions. <\/p>\n<p>\u201cDuring the investigation, the DCU engaged directly with the threat actor without disclosing our identity to acquire the phishing kits,\u201d Maurice Mason, principal cybercrime investigator at Microsoft\u2019s DCU, said in a <a href=\"https:\/\/www.chainalysis.com\/blog\/following-the-money-with-chainalysis-maurice-mason-microsoft\/\">Q&A with Chainalysis<\/a>. <\/p>\n<p>In a separate purchase, the alleged cybercriminal inadvertently shared a cryptocurrency wallet address for payment that allowed investigators to trace the funds to a wallet hosted on a Nigeria-based cryptocurrency exchange previously linked to Ogundipe, Mason added. <\/p>\n<p>Microsoft said Ogundipe has a background in computer programming and accused him of writing the majority <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>of the code for the subscription-based phishing service, which allows cybercriminals to send up to 9,000 phishing emails per day. Investigators said RaccoonO365 may have facilitated the transmission of hundreds of millions of malicious emails. <\/p>\n<p>Microsoft, which sent a criminal referral for Ogundipe to international law enforcement, also addressed continued discontent with persisting legal challenges. <\/p>\n<p>\u201cToday\u2019s patchwork of international laws remains a major obstacle and cybercriminals exploit these gaps,\u201d Masada said. \u201cGovernments must work together to align their cybercrime laws, speed up cross-border prosecutions and close the loopholes that let criminals operate with impunity.\u201d<\/p>\n<p>RaccoonO365\u2019s kits sent emails to victims with malicious attachments, links or QR codes that redirected users to a fake Microsoft O365 login page to harvest credentials, Cloudflare researchers said in a <a href=\"https:\/\/www.cloudflare.com\/threat-intelligence\/research\/report\/cloudflare-participates-in-global-operation-to-disrupt-raccoono365\/\">blog post<\/a>. When victims entered credentials, the kit allowed attackers to capture the password and resulting session cookie, bypassing multifactor authentication.<\/p>\n<p>The codebase included functions for anti-analysis and evasion, user-agent filtering, security vendor evasion, network-level blocking and dynamic traffic routing, according to Cloudflare.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The phishing emails were often a precursor to malware and ransomware, yet not every stolen credential led to compromised networks or fraud, according to Microsoft. The company said it always expects cybercriminals to try to rebuild operations after a takedown and pledged to take additional steps to dismantle any new or reemerging infrastructure.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.4682080924855\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/microsoft-seizes-hundreds-of-phishing-sites-tied-to-massive-credential-theft-operation.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-seizes-phishing-sites-raccoono365\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft seizes hundreds of phishing sites tied to massive credential<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2532,632,282,78,625,3358,2435,2589,60,3627,46,256,288],"tags":[2535,633,286,86,630,3360,2436,2590,67,3630,54,262,294],"class_list":["post-7994","post","type-post","status-publish","format-standard","hentry","category-chainalysis","category-cloudflare","category-cybercrime","category-cybersecurity","category-microsoft","category-microsoft-365","category-microsoft-digital-crimes-unit","category-nigeria","category-phishing","category-phishing-kit","category-ransomware","category-research","category-threats","tag-chainalysis","tag-cloudflare","tag-cybercrime","tag-cybersecurity","tag-microsoft","tag-microsoft-365","tag-microsoft-digital-crimes-unit","tag-nigeria","tag-phishing","tag-phishing-kit","tag-ransomware","tag-research","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/chainalysis\/\" rel=\"category tag\">Chainalysis<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cloudflare\/\" rel=\"category tag\">Cloudflare<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-365\/\" rel=\"category tag\">Microsoft 365<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-digital-crimes-unit\/\" rel=\"category tag\">Microsoft Digital Crimes Unit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nigeria\/\" rel=\"category tag\">Nigeria<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/phishing\/\" rel=\"category tag\">phishing<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/phishing-kit\/\" rel=\"category tag\">phishing kit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7994","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7994"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7994\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7994"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7994"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7994"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7994,"date":"2025-09-16T16:55:22","date_gmt":"2025-09-16T21:55:22","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=86011"},"modified":"2025-09-16T16:55:22","modified_gmt":"2025-09-16T21:55:22","slug":"microsoft-seizes-hundreds-of-phishing-sites-tied-to-massive-credential-theft-operation","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/09\/16\/microsoft-seizes-hundreds-of-phishing-sites-tied-to-massive-credential-theft-operation\/","title":{"rendered":"Microsoft seizes hundreds of phishing sites tied to massive credential theft operation"},"content":{"rendered":"