Nigeria Police arrest man over cyberattack targeting Microsoft database
The Nigeria Police Force’s National Cyber Crime Centre (NPF-NCCC) has arrested a man in connection with a cyberattack targeting a Microsoft database and Microsoft 365 user credentials worldwide, authorities said in a statement on Thursday. The suspect, identified as Okitipi Samuel, is accused of developing and operating a sophisticated phishing toolkit known as “RaccoonO365”, which was used to create fake Microsoft login portals that harvested login details and enabled unauthorised access to corporate, financial, and educational email accounts across multiple countries.
Police said the arrest followed international cooperation with Microsoft, the United States Federal Bureau of Investigation (FBI), and the U.S. Secret Service, after credible intelligence linked the phishing infrastructure to a series of breaches involving Microsoft 365 accounts. Investigators traced multiple cyberattacks between January and September 2025 to phishing emails designed to mimic legitimate login pages, causing data theft, business email compromise, and fraud.
Raids conducted in Lagos and Edo states led to the apprehension of the suspect and two others, although police said only Samuel was the principal developer of the phishing toolkit. Digital devices and other evidence seized from the suspects’ residences are now part of the ongoing forensic analysis. Authorities said individuals whose identities were used without consent during the scheme were victims of identity theft and not active participants.
Samuel will face charges under the Cybercrimes (Prohibition, Prevention, etc.) Act, 2024, including identity theft, unlawful computer access, malware distribution, network interference, and aiding fraud. The police urged the public to exercise caution online, especially with suspicious links and login pages, as part of broader efforts to strengthen cybersecurity and reduce digital threats.
About the Author
