Microsoft seized certain websites run by a Vietnam-based group that created roughly 750 million fraudulent Microsoft accounts after the software maker received a court order a week ago from the Southern District of New York.
Posting to its blog Dec. 13, Microsoft said it identified the threat group as Storm-1152 and said in its complaint that the group runs a criminal enterprise that uses lies and deception to breach Microsoft's CAPTCHA and other security measures, procure fraudulent Microsoft Outlook email accounts, and then sell the fraudulent accounts to a roster of cybercriminals.
Microsoft said such fraudulent online accounts act as the gateway to a host of cybercrime, including mass phishing, identity theft and fraud, and distributed-denial-of-service attacks.
To date, these activities have earned Storm-1152 millions of dollars in illicit revenue, costing Microsoft and other companies even more to combat their criminal activity.
Hogan-Burney wrote that Microsoft took down Hotmailbox.
Me, a marketplace for fraudulent Microsoft Outlook accounts; 1stCaptcha, AnyCaptcha, and NoneCaptcha, which sold identity verification bypass tools; as well as the social media sites used to market the fraudulent services.
Microsoft said it has seized these sites, pending its request to the Southern District of New York for a jury trial.
Callie Guenther, senior manager, cyber threat research at Critical Start, said Microsoft's recent move marks a significant step in corporate-led cybersecurity enforcement.
Guenther said this approach, while not entirely novel, underscores a proactive stance by private tech companies in combating cybercrime and disrupts the operations of cybercrime groups, at least temporarily.
Guenther added that from a threat intelligence standpoint, actions like Microsoft's are crucial for understanding and countering sophisticated cybercrime operations.
It helps security teams do the following: map the ecosystem of cybercrime-as-a-service; identify new trends in cybercrime - such as the use of fraudulent accounts for ransomware and data theft - and enhance the threat intelligence databases with updated indicators of compromise and TTPs. Microsoft has been involved in similar actions before.
In December 2021, Microsoft took action against Chinese hackers using digital certificates to mask malicious activities.
Guenther said such aggressive and public interventions by tech companies are relatively rare, primarily because of the complexities involved in legal and geopolitical considerations.
Apple also collaborated with the FBI in 2016 to take down torrent sites.
Austin Berglas, global head of professional services at BlueVoyant, added that these takedowns can only advance the cause of the defenders if supported by other actions.
Berglas said disruption of operations may only be temporary if the core organization and personnel are left untouched.
Ngoc Bui, cybersecurity expert at Menlo Security,said this case sheds light on the often-overlooked technical capabilities and cybercrime activities originating from countries like Vietnam.
Bui said it's a reminder that cybercrime is a global issue, with significant activities stemming from regions that might not be typically associated with high-profile cybercriminal operations.
This Cyber News was published on packetstormsecurity.com. Publication date: Fri, 15 Dec 2023 15:43:04 +0000