Microsoft Takes Legal Action to Dismantle Storm-1152's Cybercrime Network

On Wednesday, Microsoft announced a significant step in combating cybercrime by obtaining a court order to seize the infrastructure established by the group known as Storm-1152. This group orchestrated the sale of approximately 750 million counterfeit Microsoft accounts and tools to fellow criminals through an intricate web of counterfeit websites and social media platforms, generating millions of dollars in illicit profits for the operators.

[FREE E-BOOK] The Definite Blueprint for Cybersecurity in Manufacturing

Amy Hogan-Burney, a business lawyer specializing in cybersecurity policy and protection, emphasized the grave consequences of fake online accounts. These repercussions encompass a spectrum of cybercrimes, including mass phishing, identity theft, fraud, and distributed denial-of-service (DDoS) attacks.

Redmond emphasizes that cybercrime-as-a-service (CaaS) services are specifically designed to circumvent identity verification software across various technology platforms. These services facilitate malicious activities online, including phishing, spamming, ransomware, and fraud, ultimately providing attackers with a more accessible entry point.

Notably, threat actors such as Octo Tempest (also known as Scattered Spider) have leveraged Storm-1152’s accounts to propagate ransomware, steal sensitive data, and extort money. Additionally, Storm-0252 and Storm-0455, both driven by financial motives, have purchased fake accounts from Storm-1152 to amplify the scale of their own attacks.

Operating since at least 2021, the group has affiliations with the following websites and pages:

1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA specialize in selling machine learning-based CAPTCHA solution services, enabling users to bypass identity verification. Hotmailbox.me is involved in the sale of counterfeit Microsoft Outlook accounts.

These illicit services are promoted through various pages on social media platforms.

In collaboration with Arkose Labs, Microsoft revealed its findings, pinpointing three key individuals in Vietnam—Duong Dinh Tu, Linh Van Nguyễn (also known as Nguyễn Van Linh), and Tai Van Nguyen. These individuals played crucial roles in constructing and managing the infrastructure supporting the cybercriminal activities.

“These individuals operated and wrote the code for the illicit websites, published detailed step-by-step instructions on how to use their products via video tutorials and provided chat services to assist those using their fraudulent services,” highlighted Hogan-Burney.

Kevin Gosschalk and Patrice Boffa further elaborated, “Not only did the company sell its technology like any other kind of software company – with pricing structures based upon a customer’s needs – but it also would perform fake account registration attacks, sell those fake accounts to other cybercriminals, and then cash out with cryptocurrency.”

In summary, Microsoft’s legal intervention against Storm-1152 underscores the sophisticated nature of cybercrime-as-a-service. The group’s operations, spanning from selling CAPTCHA solutions to orchestrating fake account registration attacks, reveal the intricate web of modern cyber threats. Collaboration with Arkose Labs and the identification of key individuals in Vietnam highlight the global response required to combat such criminal enterprises. The evolving tactics of cybercriminals emphasize the importance of proactive measures and international cooperation to protect against the multifaceted challenges posed by groups like Storm-1152.

REQUEST A DEMO TODAY!