Microsoft has taken action against Storm-1152, a Vietnam-based group that allegedly sold millions of fake accounts to cybercriminals around the world. These fake accounts were used for various illicit activities such as ransomware attacks, identity theft, and scams. Storm-1152 utilized sophisticated tools to bypass Microsoft’s security features and create fraudulent Outlook and Hotmail email accounts in large quantities.
The group’s operations were first detected in 2021 and were traced back to Vietnam by cybersecurity firm Arkose Labs, which collaborated with Microsoft in combating the group. According to Microsoft’s statement, Storm-1152 is led by three individuals based in Vietnam: Duong Dinh Tu, Linh Van Nguyen, and Tai Van Nguyen. It remains uncertain if there are other members involved. AFP has sought a response from the three individuals regarding the allegations outlined in Microsoft’s complaint filed in a US federal court.
Storm-1152 employed automated software, or bots, to generate fake accounts rapidly. These bots were able to bypass mechanisms such as CAPTCHA puzzles, which are typically used to verify human users. Microsoft’s court filing included a screenshot of a Storm-1152 website that claimed to utilize artificial intelligence to defeat CAPTCHA systems. The group has created approximately 750 million fraudulent Microsoft accounts, making it the primary seller and creator of such accounts.
Storm-1152 created this vast number of fake email accounts as part of a model known as cybercrime-as-a-service (CaaS). The group acted as a provider to other criminal organizations, enabling them to carry out their operations more efficiently. With tech companies improving their ability to detect and delete fake accounts, cyber attackers have turned to purchasing large quantities of accounts from groups like Storm-1152, rather than attempting to create them manually. Storm-1152 is alleged to have made millions of dollars from this operation.
The fake accounts created by Storm-1152 were utilized for various criminal activities. According to Microsoft and Arkose Labs, these accounts were used for phishing attacks, malware insertion, and ransomware installations. The highest-profile customer named in Microsoft’s court filing is a group called Octo Tempest, which has been associated with a series of cybercrimes in recent years. Octo Tempest was responsible for ransomware attacks against Microsoft customers, resulting in significant financial damages.
Unlike many cybercriminals who operate on the dark web, Storm-1152’s websites were accessible on the open web. The group advertised its services on at least two websites and provided user guides. One of the defendants, Duong Dinh Tu, even had a YouTube channel featuring a video demonstration of the group’s operations. Additionally, the group edited its anti-CAPTCHA software code on GitHub, a platform owned by Microsoft.
To gather evidence against Storm-1152, Microsoft went undercover and made secret purchases of accounts and CAPTCHA-beating tools from the group’s websites. In response to Microsoft’s complaint, a US court granted the company control over Storm-1152’s websites.
This action taken by Microsoft against Storm-1152 demonstrates the company’s commitment to combating cybercrime and protecting its users from the detrimental effects of such illegal activities.
Ravina Pandya, Content Writer, has a strong foothold in the market research industry. She specializes in writing well-researched articles from different industries, including food and beverages, information and technology, healthcare, chemical and materials, etc. With an MBA in E-commerce, she has expertise in SEO-optimized content that resonates with industry professionals.