Unveiling Storm-1152: A Top Creator of Fake Microsoft Accounts

The Digital Crimes Unit of Microsoft disrupted a major supplier of cybercrime-as-a-service last week, dubbed Storm-1152.
The attackers had registered over 750 million fake Microsoft accounts, which they planned to sell online to other cybercriminals, making millions of dollars in the process.
Cybercriminals can employ fraudulent accounts linked to fictitious profiles as a virtually anonymous starting point for automated illegal operations including ransomware, phishing, spamming, and other fraud and abuse.
Storm-1152 is the industry leader in the development of fictitious accounts, offering account services to numerous prominent cyber threat actors.
Microsoft lists Scattered Spider as one of these cybercriminals.
They are the ones responsible for the ransomware attacks on Caesars Entertainment and the MGM Grand this fall).
Storm-1152's ability to circumvent security measures such as CAPTCHAs and construct millions of Microsoft accounts linked to nonexistent people highlights the group's expertise, according to researchers.
Platforms can take a number of precautions to prevent unwittingly aiding cybercrime, the researchers noted.
One such safeguard is the implementation of sophisticated detection algorithms that can recognise and flag suspicious conduct at scale, ideally with the help of AI. Furthermore, putting robust multifactor authentication in place for the creation of accounts-especially those with elevated privileges-can greatly lower the success rate of creating fake accounts.
Ontinue's Jones emphasises that more work needs to be done on a number of fronts.


This Cyber News was published on www.cysecurity.news. Publication date: Wed, 20 Dec 2023 15:43:05 +0000


Cyber News related to Unveiling Storm-1152: A Top Creator of Fake Microsoft Accounts

Microsoft Targets Threat Group Behind Fake Accounts - Microsoft seized parts of the infrastructure of a prolific Vietnam-based threat group that the IT giant said was responsible for creating as many as 750 million fraudulent Microsoft accounts that were then sold to other bad actors and used to launch ...
1 year ago Securityboulevard.com
Microsoft Shuts Down a Criminal Ring Responsible for Creating Over 750 Million Fake Accounts - Microsoft Corp. has shut down a cybercrime group's US-based infrastructure, which created more than 750 million fake accounts across the company's services. Microsoft carried out the takedown with the support of Arkose Labs Inc., a venture-backed ...
1 year ago Cysecurity.news
Microsoft Disrupts Cybercrime Service That Created 750 Million Fraudulent Accounts - Microsoft on Wednesday announced the disruption of Storm-1152, a cybercrime-as-a-service ecosystem that created 750 million fraudulent Microsoft accounts in support of phishing, identity theft, and other schemes. The CaaS is believed to have made ...
1 year ago Securityweek.com
Unveiling Storm-1152: A Top Creator of Fake Microsoft Accounts - The Digital Crimes Unit of Microsoft disrupted a major supplier of cybercrime-as-a-service last week, dubbed Storm-1152. The attackers had registered over 750 million fake Microsoft accounts, which they planned to sell online to other cybercriminals, ...
1 year ago Cysecurity.news
Financially motivated threat actors misusing App Installer - Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme to distribute malware. In ...
11 months ago Microsoft.com
Cybercrime operation that sold millions of fraudulent Microsoft accounts disrupted - Microsoft disrupted an alleged threat actor group that built viable cybercrime-as-a-service businesses. Dubbed Storm-1152 by Microsoft, the group bilked enterprises and consumers globally out of millions of dollars. Cybercrime-as-a-service is a model ...
1 year ago Helpnetsecurity.com
Millions of Microsoft Accounts Power Lattice of Automated Cyberattacks - Microsoft's Digital Crimes Unit last week disrupted a prolific cybercrime-as-a-service purveyor that it calls Storm-1152, which registered more than 750 million fraudulent Microsoft accounts to sell online to other cybercriminals - raking in millions ...
1 year ago Darkreading.com
How Microsoft's cybercrime unit has evolved to combat increased threats - Governments and the tech industry around the world have been scrambling in recent years to curb the rise of online scamming and cybercrime. Even with progress on digital defenses, enforcement, and deterrence, the ransomware attacks, business email ...
1 year ago Packetstormsecurity.com
Microsoft's Digital Crime Unit Goes Deep on How It Disrupts Cybercrime - Governments and the tech industry around the world have been scrambling in recent years to curb the rise of online scamming and cybercrime. Even with progress on digital defenses, enforcement, and deterrence, the ransomware attacks, business email ...
1 year ago Wired.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
8 months ago Securityboulevard.com
Microsoft seizes domains used to sell fraudulent Outlook accounts - Microsoft's Digital Crimes Unit seized multiple domains used by a Vietnam-based cybercrime group that registered over 750 million fraudulent accounts and raked in millions of dollars by selling them online to other cybercriminals. According to ...
1 year ago Bleepingcomputer.com
Microsoft disrupts credentials marketplace, warns of gift card fraud, OAuth abuse - After a relatively quiet final Patch Tuesday of 2023, Microsoft published warnings this week about the potential for gift card fraud and hackers abusing a popular authentication technology. Alongside the warnings, Microsoft said it recently used a ...
1 year ago Therecord.media
Microsoft takes down websites used to create 750 million fraudulent accounts - Microsoft seized certain websites run by a Vietnam-based group that created roughly 750 million fraudulent Microsoft accounts after the software maker received a court order a week ago from the Southern District of New York. Posting to its blog Dec. ...
1 year ago Packetstormsecurity.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Fake and Stolen X Gold Accounts Flood Dark Web - A surge of fake or stolen X Gold accounts has been flooding marketplaces and forums both on the surface web and the dark web over the past year, according to CloudSEK. Threat actors have used multiple techniques to forge or steal X Gold accounts ...
11 months ago Infosecurity-magazine.com
Microsoft Disabled App Installer Abused by Hackers - Threat actors, particularly those with financial motivations, have been observed spreading malware via the ms-appinstaller URI scheme. As a result of this activity, Microsoft has disabled the ms-appinstaller protocol handler by default. The ...
11 months ago Cybersecuritynews.com
Microsoft Targets Prolific Outlook Fraudster Storm-1152 - Storm-1152 has made millions from the creation of an estimated 750 million fraudulent Microsoft accounts that play a key role in the cybercrime ecosystem, the Redmond giant said. As part of its disruption efforts, Microsoft obtained a court order to ...
1 year ago Infosecurity-magazine.com
How Kasada Counters Toll Fraud and Fake Account Creation for Enterprises - Toll fraud and fake account creation are two advanced threats that bad actors employ for massive profit. Fake Account Creation is committed by a wide range of attackers, through automating the generation of new user accounts en masse, which then get ...
1 year ago Securityboulevard.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
10 months ago Bleepingcomputer.com
Fraudsters make $50,000 a day by spoofing crypto researchers - Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X. To lure potential victims, the scammer uses a breach on major ...
1 year ago Bleepingcomputer.com
Microsoft extends Purview Audit log retention after July breach - Microsoft is extending Purview Audit log retention as promised after the Chinese Storm-0558 hacking group breached dozens of Exchange and Microsoft 365 corporate and government accounts in July. The list of affected organizations included government ...
1 year ago Bleepingcomputer.com
CVE-2015-2165 - Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) ...
5 years ago
Fake browser updates spread updated WarmCookie malware - The latest campaign was discovered by researchers at Gen Threat Labs, who observed the WarmCookie backdoor being distributed as fake Google Chrome, Mozilla Firefox, Microsoft Edge, and Java updates. FakeUpdate is a cyberattack strategy used by a ...
2 months ago Bleepingcomputer.com
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
1 year ago Microsoft.com
Fake Ledger Live app in Microsoft Store steals $768,000 in crypto - Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets. Published with the name Ledger Live Web3, the fake application ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)