Microsoft on Wednesday announced that it had taken drastic action against a cybercrime operation that created approximately 750 million fraudulent Microsoft accounts and various websites used to enable a series of cybercriminal activities.
The announcement comes nearly a week after Microsoft obtained a court order in the Southern District of New York that enabled the company to seize U.S.-based infrastructure and websites used by a group it tracks as Storm-1152. The group is one that “enables a large number of cybercriminals to carry out malicious activities more efficiently and effectively,” Amy Hogan-Burney, Microsoft's associate general counsel for cybersecurity policy and protection, wrote in a blog post on the company’s website.
The group “plays an important role in the highly specialized cybercrime-as-a-service ecosystem,” Hogan-Burney said, offering fraudulent Microsoft accounts and services to circumvent CAPTCHA puzzles, which are designed to reduce fraudulent spamming by forcing humans accessing specific web services to answer questions and solve puzzles. Microsoft described the group as “the largest seller and creator of fraudulent Microsoft accounts.”
The investigation also identified multiple individuals based in Vietnam who, Microsoft said, contributed to the development and maintenance of a website related to this activity, created step-by-step videos explaining how the product could be used to exploit fraudulent Microsoft accounts, and even provided a chat service to customers.
Storm-1152’s activities generated “millions of dollars in illegal revenue” and cost Microsoft and other companies “even more to combat criminal activity,” Microsoft wrote. Hogan-Burney wrote that the company has filed a criminal referral with U.S. law enforcement.
Microsoft researchers have identified multiple groups involved in ransomware, data theft, and extortion that used Storm-1152 accounts, she added. Among them, she added, is Scattered Spider, an industry term referring to a loose, economically motivated, youth-led hacking group that is perhaps best known for its successful hacks of MGM Resorts and Caesars Entertainment in September.
The court order allows Microsoft to seize Hot Mailboxes[.]me, a site that sells Microsoft accounts around the world. Snapshots of the site taken on December 7th are available via the Internet Archive and show that the accounts were sold for a few cents each.
“Each account sold is unique and will only be sold once (not shared),” the webpage says. “All accounts were registered within the last 4 hours and are continually checked before being sold to customers.”
“Because businesses can quickly identify and shut down fraudulent accounts, criminals need more accounts to evade mitigation efforts,” Hogan-Burney wrote. Instead of going to the trouble of creating email accounts themselves, cybercriminals can simply purchase email accounts in bulk from organizations like Storm-1152.
“This allows criminals to focus on their end goal: phishing, spamming, ransomware, and other types of fraud,” she wrote.
According to Microsoft, 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA were also suspended as a result of this action.
Microsoft worked with Arkose Labs to investigate and take action against this group.