Who is Storm-1152, the suspected primary producer of counterfeit Microsoft accounts sold to cybercriminals?
Microsoft has taken control of the websites belonging to a Vietnam-based organization accused of selling numerous counterfeit accounts to cybercriminals. These accounts were allegedly utilized for various illicit activities such as ransomware attacks, identity theft, and scams worldwide. Microsoft, referring to the group as Storm-1152, claims that they employed advanced techniques to bypass the security measures of the tech giant and create a large number of fraudulent Outlook and Hotmail email accounts.
Who is in Storm-1152?
Storm-1152 was first detected in 2021. Arkose Labs, a cybersecurity company that worked with Microsoft against the group, traced it to Vietnam.
The group is led by three Vietnamese individuals, Duong Dinh Tu, Linh Van Nguyen and Tai Van Nguyen, Microsoft said in a statement on Wednesday. It is not clear if there are other members.
AFP has sought comment from the three at the email addresses listed in Microsoft’s complaint against them, filed in US federal court last week.
AFP has also contacted Vietnamese authorities for comment.
How did they make millions of accounts so fast?
Storm-1152 developed automated software – or “bots” – to create fake accounts.
These bots defeated Microsoft’s security measures, such as CAPTCHA puzzles that users must solve to prove they are human, the tech giant said in court.
Storm-1152 is the “number one seller and creator of fraudulent Microsoft accounts,” having created about 750 million to date, the company said Wednesday.
Microsoft’s court filing included a screenshot of the Storm-1152 website, which boasts of using artificial intelligence to counter CAPTCHA.
The group created accounts “at such a large, fast and efficient scale that it could only have been accomplished with automated machine learning,” Arkose Labs chief customer officer Patrice Boffa said in a statement.
Who needs so many fake email accounts?
Storm-1152 followed a model called “cybercrime-as-a-service,” or CaaS, acting as a service provider for other criminal groups, Microsoft and Arkose said.
As tech companies get better at detecting and removing fake accounts, cyber attackers need huge sums of money to operate.
“Instead of spending time trying to create thousands of fraudulent accounts, cybercriminals can simply buy them from Storm-1152 and other groups,” Microsoft’s Amy Hogan-Burney said in a blog post.
Storm-1152 allegedly makes millions of dollars from the operation.
What did Storm-1152’s customers do with the fake accounts?
According to Microsoft and Arkose Labs, the group’s customers have used fake email accounts for various crimes.
These include phishing attacks, which aim to either steal data or add malware to devices.
According to Microsoft, Storm-1152’s customers have also used these accounts to install ransomware and demand payments from victims.
The top client named in Microsoft’s lawsuit filing is a group called Octo Tempest, which has been linked to a wave of cybercrimes in recent years.
Octo Tempest recently launched ransomware attacks against Microsoft customers that “caused hundreds of millions of dollars in damage,” the company said in court, without naming the victims.
Google and X, formerly known as Twitter, have also been affected by Storm-1152 activity, Microsoft said in the filing.
Was finding Storm-1152 difficult?
Unlike many cybercriminals who offer such services on the so-called dark web, hidden from ordinary users, Storm-1152’s websites were on the open web.
It offered its services on at least two websites, according to Microsoft, and even had step-by-step guides.
Duong Dinh Tu, one of the accused, also had a YouTube channel with a video demonstration, and the group maintained the code of its anti-CAPTCHA software on GitHub, a code-hosting service owned by Microsoft.
Microsoft also said it engaged cybercrime experts who covertly obtained accounts and CAPTCHA-busting tools from Storm-1152 websites.
A US court allowed Microsoft to take control of the group’s sites in response to a complaint filed by the company last week.
Sites now say, “This domain has been seized by Microsoft.”