Hackers sell fake Microsoft products and accounts because it allows them to profit from illicit activities, taking advantage of unsuspecting users.
Microsoft’s security team, partnered with Arkose Labs, is cracking down on cyber criminals Storm-1152, the top seller of fake Microsoft accounts.
Microsoft affirmed that they are vigilant and that anyone messing with fraudulent products will face the consequences.
Microsoft Seized Storm-1152 Websites
Storm-1152 operates dark sites, marketing fake Microsoft accounts and tools to bypass identity checks on popular platforms.
They have spawned 750 million fraud accounts, raking in millions, causing Microsoft and others hefty losses fighting their crime.
Storm-1152 fuels the cybercrime-as-a-service scene, providing cybercriminals with bulk fraudulent accounts for efficient illicit operations.
Instead of struggling to create accounts, criminals just buy them. This enables them to focus on:-
Microsoft’s Threat Intelligence links Storm-1152 accounts to various malicious groups like Octo Tempest, enhancing their global extortion campaigns.
Other threat actors, like Storm-0252 and Storm-0455, also strengthen their attacks with Storm-1152’s purchased accounts.
On Dec 7, Microsoft got a court order to seize the U.S. infrastructure of Storm-1152 and shut down the sites harming Microsoft users.
The impact extends beyond Microsoft, hitting services on various tech platforms, and besides this, the Digital Crimes Unit of Microsoft disrupted:-
- Hotmailbox[.]me
- 1stCAPTCHA
- AnyCAPTCHA
- NoneCAPTCHA
- The social media sites
Microsoft ensures a secure digital experience by partnering with Arkose Labs for a next-gen CAPTCHA solution.
Kevin Gosschalk, Arkose Labs CEO, labels Storm-1152 a brazen adversary profiting from aiding complex attacks openly.
Operating in plain sight, Storm-1152 sells fraud and deceives victims, violating Microsoft’s terms and harming Arkose Labs’ customers.
“Storm-1152’s services are easily procured on the web and frequently are used as the first step in illegal and illicit online activities, many of which lead to money laundering,” reads Arkose Labs’ report.
Researchers analyzed Storm-1152’s US-based malicious infrastructure, and they identified Vietnam-based actors:-
- Duong Dinh Tu
- Linh Van Nguyễn
- Tai Van Nguyen
Besides this, they operated:-
- Illegal websites
- Crafted code
- Offered support for fraudulent services
Microsoft continues targeting cybercriminal tools, using legal methods to disrupt malware and nation-state operations.
To detect the fraudulent accounts, they collaborated with industry partners and also enhanced intelligence sharing on:-
- Fraud
- Improving AI
- Improving machine learning
Legal action affects Storm-1152, but other cyber threats will adjust. Ongoing teamwork, exemplified by Arkose Labs and U.S. law enforcement, is crucial to combat cybercrime effectively.