Microsoft Disrupts Cybercrime Service That Created 750 Million Fraudulent Accounts

Microsoft on Wednesday announced the disruption of Storm-1152, a cybercrime-as-a-service ecosystem that created 750 million fraudulent Microsoft accounts in support of phishing, identity theft, and other schemes.
The CaaS is believed to have made millions of dollars in illicit revenue by creating fraudulent accounts for other cybercrime groups to use in phishing, spam, ransomware, distributed denial-of-service, and other types of attacks.
One of Storm-1152's customers has been Octo Tempest, also known as Scattered Spider, 0ktapus, and UNC3944, which has used the fraudulent accounts in social engineering attacks aimed towards financial extortion.
Storm-0252, Storm-0455, and other ransomware or extortion groups also purchased accounts from the CaaS. With help from bot management and account security firm Arkose Labs, which has been tracking Storm-1152 since August 2021, Microsoft gathered intelligence on the CaaS and its activities and infrastructure, which it then used to obtain a court order to seize the cybercrime ring's US-based infrastructure.
Issued on December 7, the court order allowed Microsoft to take over domains such as Hotmailbox[.]me, 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA, as well as social media accounts that the CaaS has been using to promote the illicit services.
Microsoft has revealed the identity of three individuals believed to be operating Storm-1152, namely Duong Dinh Tu, Linh Van Nguyễn, and Tai Van Nguyen, all based in Vietnam.
Storm-1152's activities first caught the eye of Arkose Labs, which started investigating the group and reported the findings to Microsoft.
Together, the two companies started collecting tactics, techniques, and procedures associated with the threat actor, to identify its infrastructure.
According to Arkose Labs, Storm-1152 has been observed pivoting its business model to circumvent protective measures deployed against it, including switching between CAPTCHA solver services.
The two companies also reported their findings to law enforcement.


This Cyber News was published on www.securityweek.com. Publication date: Thu, 14 Dec 2023 12:13:05 +0000

