Microsoft Takes Legal Action against Storm-1152, a Cybercrime Network

Microsoft has successfully initiated legal action against Storm-1152, a cybercrime network, as part of its efforts to combat illegal online activities. This organization specialized in trafficking over 750 million fraudulent Microsoft accounts and associated tools through a complex web of fake websites and social media pages. The elaborate operation allowed the criminal group to rack up millions of dollars in illegal revenues.

According to Amy Hogan-Burney, Microsoft’s Associate General Counsel for Cybersecurity Policy and Protection, fake online identities serve as a gateway to a multitude of cybercrimes, including mass phishing, identity theft, fraud, and distributed denial-of-service (DDoS) assaults. This criminal company, which was recognized as a type of Cybercrime-as-a-Service (CaaS), exploited identity verification vulnerabilities on a range of technology platforms. The goal was to automate criminal operations including phishing, spamming, ransomware, and fraud, reducing the entry barriers for cyber attackers.

Octo Tempest (aka Scattered Spider) and other threat actors used Storm-1152’s accounts to carry out ransomware attacks, data theft, and extortion schemes. Storm-0252 and Storm-0455, two more financially driven threat actors, allegedly acquired fake accounts from Storm-1152 to increase their own offensive operations.

The group, which has been active since at least 2021, has created a presence through different websites and pages. Among these are Hotmailbox.me, which sold fraudulent Microsoft Outlook accounts, and 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA, which offered machine learning-based CAPTCHA-solving services to bypass identity verification. These illegal services were also advertised on social media platforms.

Microsoft, in partnership with Arkose Labs, not only identified but also targeted three people based in Vietnam who were responsible for the development and maintenance of the criminal infrastructure. Duong Dinh Tu, Linh Van Nguyn (also known as Nguyn Van Linh), and Tai Van Nguyen are among the main actors. These individuals were not only involved in the creation of the illegal websites, but they also disseminated extensive details via video tutorials and offered chat services to those participating in fraudulent operations.

“These individuals operated and wrote the code for the illicit websites, published detailed step-by-step instructions on how to use their products via video tutorials, and provided chat services to assist those using their fraudulent services,” Hogan-Burney noted.

“Not only did the company sell its technology like any other kind of software company—with pricing structures based upon a customer’s needs—but it also would perform fake account registration attacks, sell those fake accounts to other cybercriminals, and then cash out with crypto currency,” Kevin Gosschalk and Patrice Boffa, officials from Arkose Labs, said.

ALSO READ: Microsoft Releases October 2023 Patch Updates for 103 Flaws, Including 2 Active Exploits