The Nigeria Police Force has arrested a suspect in connection with a sophisticated cyberattack targeting the database of global technology firm Microsoft, following a months-long international investigation.
The suspect, identified as Okitipi Samuel, was apprehended by operatives of the National Cybercrime Centre (NCC) of the Nigeria Police Force. The arrest was confirmed on Thursday in Abuja by the Force Public Relations Officer, CSP Benjamin Hundeyin, while briefing journalists on the outcome of the investigation.
According to Hundeyin, the probe was initiated after intelligence from Microsoft in the United States was relayed through the Federal Bureau of Investigation (FBI). The investigation was carried out in collaboration with the FBI, the United States Secret Service, and the United Kingdom’s National Crime Agency.
Police said the cyberattack involved the use of a phishing toolkit known as “Raccoon 0365,” which was deployed to create fake Microsoft login portals. These fraudulent portals were used to steal user credentials and gain unauthorised access to Microsoft 365 email accounts belonging to corporate organisations, financial institutions, and educational establishments across several countries.
Between January and September 2025, authorities traced multiple incidents of unauthorised access to Microsoft accounts to phishing emails designed to closely mimic legitimate Microsoft login pages. These attacks reportedly led to business email compromise, internal phishing schemes, data breaches, and other forms of cyber-enabled fraud.
Further investigations, including digital forensic analysis and cryptocurrency tracking, uncovered wallets linked to the illicit operation. Acting on the intelligence, police operatives were deployed to Lagos and Edo states, leading to the arrest of three individuals—Joshua, James, and Okitipi Samuel—between September 20 and October 4, 2025.
Searches conducted at their residences resulted in the recovery of laptops, mobile phones, and other digital devices connected to the cyber fraud scheme.
Hundeyin disclosed that Okitipi Samuel, also known as Moses Felix and nicknamed “0365,” was identified as the principal suspect and developer of the phishing infrastructure. Investigators revealed that he operated a Telegram channel where phishing links were sold in exchange for cryptocurrency and hosted fake login pages on Cloudflare using stolen or fraudulently obtained email addresses.
Police, however, clarified that Joshua and James were victims of identity theft, noting that their personal details were used without consent and that there was no evidence linking them to the operation.
A prima facie case has been established against Samuel for multiple offences, including identity theft, unlawful access to computer systems, creation and distribution of malicious software, unauthorised interference with network data, and aiding and abetting fraud. He is expected to be charged under relevant provisions of the Cybercrimes (Prohibition, Prevention, etc.) Act, 2024.
The police confirmed that Samuel will be prosecuted in Nigeria, although extradition remains an option should a formal request be made through appropriate legal channels.
Reaffirming the commitment of the Nigeria Police Force to safeguarding the country’s digital ecosystem, Hundeyin urged Nigerians to practise good cyber hygiene by avoiding suspicious links and safeguarding personal information online.
Similarly, the Director of the National Cybercrime Centre, CP Ifeanyi Uche, warned the public against clicking links from unknown sources, describing such actions as a major gateway for cybercriminals to compromise devices and sensitive data.