The Nigeria Police Force, in collaboration with the United States Federal Bureau of Investigation (FBI) and other international partners, has arrested suspects linked to a series of sophisticated cyberattacks targeting Microsoft 365 email systems used by major corporate organisations.
The arrests were carried out by operatives of the National Cybercrime Centre (NPF–NCCC) following actionable intelligence provided by the FBI, according to a statement issued on Thursday by the Force Public Relations Officer, CSP Benjamin Hundeyin.
The police said the cyberattacks were executed using a phishing toolkit known as RaccoonO365, which was deployed to compromise Microsoft Corporation’s email infrastructure in the United States and other jurisdictions.
Investigations revealed that the phishing toolkit was designed to create fake Microsoft login pages that closely resembled legitimate authentication portals. These fraudulent pages were used to harvest user credentials and gain unauthorised access to Microsoft 365 accounts belonging to corporate, financial, and educational institutions.
Read also:
- Abba Kyari: Are Law Enforcers Architects of Nigeria’s Endless Security Woes?
- Pro-Democracy group commends Ebonyi Govt for arresting politicians over shoddy projects, fund diversion
- Group celebrates Senator Ekong Sampson @ 58, hails his leadership
According to the statement, multiple incidents of unauthorised access to Microsoft 365 accounts recorded between January and September 2025 were traced to phishing emails that deceived victims into divulging their login details.
“These activities resulted in business email compromise, data breaches, and financial losses across multiple jurisdictions,” the police said.
Following the intelligence breakthrough, the NPF–NCCC launched a coordinated operation in collaboration with Microsoft, the FBI, and the United States Secret Service.
Operatives were deployed to Lagos and Edo States, where three suspects were arrested. Search operations conducted at their residences led to the recovery of laptops, mobile phones, and other digital devices later linked to the cyber fraud through forensic analysis.
Further investigations identified Okitipi Samuel, also known by the aliases “RaccoonO365” and “Moses Felix,” as the principal suspect and alleged developer of the phishing infrastructure.
The police said Samuel operated a Telegram channel through which phishing links were sold to cybercriminals in exchange for cryptocurrency. He was also accused of hosting fraudulent Microsoft login portals on Cloudflare using stolen or fraudulently obtained email credentials.
However, investigators noted that there was no evidence linking the two other arrested individuals to the creation or operation of the phishing scheme.
The Nigeria Police Force reaffirmed its commitment to protecting Nigeria’s digital ecosystem through advanced cybercrime detection tools, international cooperation, and sustained investigative and prosecutorial efforts.
The Force said it would continue to strengthen partnerships with global law enforcement agencies and technology firms to counter increasingly sophisticated cyber threats and safeguard both local and international digital infrastructure.
