Microsoft Takes Legal Action to Destroy Storm-1152's Cybercrime Network

December 14, 2023 | Newsroom | Cybercrime / Threat intelligence


Microsoft on Wednesday said it had obtained a court order to seize the infrastructure built by a group called Storm-1152 that sold an estimated 750 million fraudulent Microsoft accounts and devices through a network of fake websites and social media pages to other criminal actors, earning them millions of dollars in illegal profits.

“Fraudulent online accounts act as a gateway to many cybercrimes, including mass phishing, identity theft and fraud, and distributed denial-of-service (DDoS) attacks,” Amy Hogan-Burney, the company’s associate general counsel for cybersecurity policy and protection, said.

These cybercrime-as-a-service (CaaS) offerings, according to Redmond, are designed to integrate identity verification software across various technology platforms and help reduce the effort required to conduct malicious activity online, including phishing, spamming, ransomware, and fraud, effectively lowering the barriers to entry for attackers.



Several threat actors, including Octo Tempest (aka Scattered Spider), are said to be using Storm-1152 accounts to pull off ransomware, data theft, and extortion schemes. Two other financially motivated threat actors who purchased fraudulent accounts from Storm-1152 to scale their own attacks are Storm-0252 and Storm-0455.


The group, active since 2021, is attributed to the following websites and pages –

  • for selling fraudulent Microsoft Outlook accounts
  • 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA for the sale of machine learning-based CAPTCHA solving services to evade identity verification
  • Social media pages for advertising services

Microsoft, which collaborated with Arkose Labs on the initiative, said it was able to identify three individuals based in Vietnam who were instrumental in developing and maintaining the infrastructure: Duong Dinh Tu, Linh Van Nguyễn (also known as Nguyễn Van Linh), and Tai Van Nguyen.


“These individuals operate and write code for banned websites, publish detailed step-by-step instructions on how to use their products through video tutorials and provide chat services to help those using their services fraudulently,” Hogan-Burney said.

“Not only does the company sell its technology like any other kind of software company – with pricing structures based on a customer’s needs – but it also conducts fake account registration attacks, sells the fake accounts to other cybercriminals, and then cashes out with crypto money,” Kevin Gosschalk and Patrice Boffa said.
