Microsoft announced Wednesday that it had obtained a court order to seize infrastructure set up by a group called Storm-1152. The group sold approximately 750 million fraudulent Microsoft accounts and tools to other criminals through a network of fake websites and social media pages, making millions of dollars in illegal income.
“Illegal online accounts can lead to many cyber crimes, including mass phishing, identity theft and fraud, and distributed denial of service (DDoS) attacks. They function as an entrance,” said Amy Hogan-Burney, associate general counsel for cybersecurity policy and protection at the company.
According to Redmond, these cybercrime-as-a-service (CaaS) offerings are used to circumvent identity verification software across a variety of technology platforms and are designed to minimize the effort required to perform malicious activities online such as phishing, spam, ransomware, and fraud, effectively lowering the barrier to entry for attackers.
Multiple attackers, including Octo Tempest (also known as Scattered Spider), are said to have used Storm-1152’s accounts to carry out ransomware, data theft, and extortion schemes. Storm-0252 and Storm-0455 are two other financially motivated attackers who purchased fraudulent accounts from Storm-1152 to expand their own attacks.
This group has been active since at least 2021 and is believed to be behind the following websites and pages:
- Hotmailbox.me, which sells fraudulent Microsoft Outlook accounts
- 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA, which sell machine learning-based CAPTCHA solving services that bypass identity verification
- Social media pages used to promote these services
Microsoft, which collaborated with Arkose Labs on this effort, said it was able to identify three Vietnam-based individuals who were instrumental in developing and maintaining the infrastructure: Duong Dinh Tu, Linh Van Nguyễn (also known as Nguyễn Van Linh), and Tai Van Nguyen.
“These individuals operated and coded illegal websites, published video tutorials with detailed instructions on how to use their products, and provided chat services to assist users of their fraudulent services,” Hogan-Burney noted.
“The company not only sold its technology at a pricing structure based on customer needs, like other types of software companies, but also conducted fake account registration attacks, sold those fake accounts to other cybercriminals, and cashed out in cryptocurrencies,” Kevin Gosschalk and Patrice Boffa said.