US Authorities and Nigerian Police Take Down “RaccoonO365” Syndicate

In a major blow to international cybercrime, a high-stakes joint operation involving the Nigeria Police Force National Cybercrime Centre (NPF–NCCC), the FBI, and the US Secret Service has culminated in the arrest of three high-profile internet fraud suspects. The coordinated raids, which took place across Lagos and Edo States, targeted a sophisticated criminal network responsible for compromising the digital infrastructure of major corporate, financial, and educational institutions.

The crackdown was the result of a month-long intelligence-gathering mission triggered by a tip-off from Microsoft Corporation. The tech giant identified a specialized and highly effective phishing toolkit known as “RaccoonO365,” which was being used to bypass security protocols and hijack Microsoft 365 accounts globally. This tool allowed the syndicate to operate with a level of technical precision that frequently bypassed standard security filters.

Force Public Relations Officer CSP Benjamin Hundeyin confirmed that the suspects utilized a combination of phishing links and malicious software to breach email systems. This methodology allowed them to harvest login credentials by creating deceptive authentication pages that mirrored legitimate Microsoft portals. The level of mimicry was so high that even tech-savvy employees often found themselves unable to distinguish the fake login prompts from authentic ones.

Between January and September 2025, these illicit activities led to massive business email compromise (BEC) schemes. These operations resulted in significant data breaches and substantial financial losses for organizations within Nigeria and across international borders. The suspects were not just looking for data; they were looking for access points to divert funds and steal proprietary intellectual property from established institutions.

The investigation reached a breakthrough when digital forensics traced the development of the phishing infrastructure to a principal suspect identified as Okitipi Samuel. Known in the underworld by the monikers “RaccoonO365” and “Moses Felix,” Samuel is alleged to be the architect behind the sophisticated toolkit. He did not just use the software; he pioneered its deployment as a scalable criminal enterprise.

Samuel reportedly operated a specialized Telegram channel where he sold phishing links to other cybercriminals in exchange for cryptocurrency. This effectively created a “fraud-as-a-service” business model, allowing less-skilled hackers to execute high-level breaches using his tools. By using cryptocurrency for transactions, the syndicate believed they had established a layer of anonymity that would shield them from traditional law enforcement.

To further mask his activities, the suspect hosted fraudulent login portals on Cloudflare, utilizing stolen or illegally obtained email credentials to maintain his infrastructure. This allowed the phishing pages to benefit from the speed and perceived legitimacy of reputable hosting services. During the raids on the suspects’ residences, NPF–NCCC operatives seized a variety of digital assets, including high-end laptops and mobile devices.

Preliminary forensic analysis of these devices has already provided a direct link to the fraudulent schemes and the wider network of cyber-attacks. The police noted that the evidence recovered is “voluminous,” suggesting that the reach of this group may extend much further than initially realized. The data retrieved is currently being shared with international partners to help other victims secure their compromised systems.

While three individuals were taken into custody during the operation, the police statement clarified a crucial detail regarding the scope of the arrests. Forensic investigations revealed that while two other individuals were caught in the dragnet, no evidence currently links them to the actual creation or primary operation of the “RaccoonO365” phishing scheme. This distinction highlights the precision of the ongoing investigation as authorities work to separate the masterminds from peripheral associates.

The success of this operation underscores the growing necessity of international cooperation in the fight against digital crime. By aligning the technical expertise of Microsoft with the investigative reach of the FBI, the US Secret Service, and the Nigeria Police Force, authorities were able to dismantle a threat that spanned multiple jurisdictions. The integration of global intelligence means that local hideouts no longer offer the protection they once did for cyber-mercenaries.

The Nigeria Police Force has reaffirmed its commitment to securing the nation’s digital borders. Officials noted that the deployment of advanced technology and the strengthening of ties with foreign law enforcement agencies are central to their strategy. As cyber threats evolve, the NPF–NCCC aims to stay ahead of the curve through diligent prosecution and the use of actionable intelligence to disrupt criminal syndicates before they can inflict further economic damage.

This arrest serves as a stern warning to cybercriminals operating within the region. The collaboration between the US and Nigeria marks a significant milestone in regional security, proving that even the most “sophisticated” phishing toolkits cannot withstand the combined pressure of global law enforcement and private sector giants. The focus now shifts to the courtroom, where the principal developer will face the weight of international law.