
Microsoft Seizes 340 Websites Over Phishing

The technology company said it obtained an order from the U.S. District Court in Manhattan earlier this month to seize domains associated with Raccoon0365.


 

Nearly 340 websites that allowed users to carry out phishing operations that stole at least 5,000 Microsoft user credentials have been seized, Microsoft Inc. said in a statement obtained by Channels Television.

In the statement, signed on Tuesday by the Assistant General Counsel for Microsoft’s Digital Crimes Unit, Steven Masada, the company said it obtained an order from the U.S. District Court in Manhattan earlier this month to seize domains associated with Raccoon0365.

The Raccoon0365 subscription service allowed users to carry out massive phishing campaigns, which sometimes involved thousands of emails at a time.

The service, which operates through a private Telegram channel with more than 850 subscribers, enables users to impersonate trusted brands and get targets to enter Microsoft login credentials on phony Microsoft login pages, Masada said in a blog post on Microsoft’s website.

The service has generated for its small group of operators at least $100,000 in cryptocurrency payments since launching in July 2024, Masada said in the blog.

Microsoft said the seizure of the websites occurred over a period of days earlier this month.

“Cybercriminals don’t need to be sophisticated to cause widespread harm,” Masada said. “Simple tools like Raccoon0365 make cybercrime accessible to virtually anyone, putting millions of users at risk.”

Raccoon0365 subscribers have targeted a wide swath of industries, Masada said, and separate court filings allege that “a significant portion” of Raccoon0365 activity targets organisations based in New York City.

 


Masada said Microsoft identified what it said was a Raccoon0365-related effort using tax-themed phishing emails to target more than 2,300 organisations, mostly in the U.S., between February 12 and February 28 this year, according to a company blog posted in April.

Errol Weiss, chief security officer of the Health Information Sharing & Analysis Center (Health-ISAC), which provides cybersecurity services to member health organisations and is a co-plaintiff alongside Microsoft, said Raccoon0365 has been linked to successful credential harvesting through phishing campaigns in at least five unnamed healthcare organisations, while targeting 25 health sector organisations overall.

“In legal cases, we also collaborate with security companies like Cloudflare to swiftly seize and take down malicious infrastructure. In doing so, we cut off the actor’s revenue streams, sow distrust among their would-be customers, and send a clear signal that Microsoft and its partners will remain persistent in going after those who target our systems. Importantly, filing a lawsuit is just the start. We always expect actors to try to rebuild their operations. That means the DCU will continue to take additional legal steps in the case to dismantle any new or reemerging infrastructure,” Microsoft said.