What is Storm-1152, alleged top creator of fake Microsoft accounts?

What is Storm-1152, alleged top creator of fake Microsoft accounts?

Microsoft has seized the websites of Storm-1152, a Vietnam-based group it says is responsible for creating hundreds of millions of fake accounts
Microsoft has seized the websites of Storm-1152, a Vietnam-based group it says is responsible for creating hundreds of millions of fake accounts. Photo: Josep LAGO / AFP/File
Source: AFP

Microsoft has seized the websites of a Vietnam-based group it alleges sold millions of fake accounts to cybercriminals who used them for ransomware attacks, identity theft and other scams around the world.

The group, identified by Microsoft as Storm-1152, developed sophisticated tools to defeat the US tech giant's security features to set up fraudulent Outlook and Hotmail email accounts in bulk.

Who is in Storm-1152?

Storm-1152 was first detected in 2021. Arkose Labs, the cybersecurity firm that worked with Microsoft against the group, tracked it to Vietnam.

The leaders of the group are three Vietnam-based individuals, Duong Dinh Tu, Linh Van Nguyen and Tai Van Nguyen, Microsoft said in a statement on Wednesday. It is not clear if there are any other members.

AFP has asked the three for a response on email addresses listed in Microsoft's complaint against them in a US federal court last week.

Read also

Meta rolls out Twitter rival Threads in the EU

AFP has also contacted Vietnamese authorities for comment.

How did they make millions of accounts so rapidly?

Storm-1152 developed automated software -- or "bots" -- to create fake accounts.

These bots defeated Microsoft's safeguards, such as the CAPTCHA puzzles users have to solve to prove they are human, the tech giant said in its court filing.

Storm-1152 is "the number one seller and creator of fraudulent Microsoft accounts", creating around 750 million to date, the company said Wednesday.

Microsoft's court filing included a screenshot of a Storm-1152 website that boasts the use of artificial intelligence against CAPTCHA.

The group created accounts "at a scale so large, fast, and efficient that it could have only been carried out through automated, machine-learning technology", Patrice Boffa, chief customer officer at Arkose Labs, said in a statement.

Read also

Nepali TikTok influencers reel after sudden ban

Who needs so many fake email accounts?

Storm-1152 pursued a model called "cybercrime-as-a-service" or CaaS, acting as a provider to other criminal groups, Microsoft and Arkose said.

With tech companies improving their detection and deletion of fake accounts, cyber attackers need huge amounts to carry out their operations.

"Instead of spending time trying to create thousands of fraudulent accounts, cybercriminals can simply purchase them from Storm-1152 and other groups," Microsoft's Amy Hogan-Burney said in a blog post.

Storm-1152 allegedly made millions of dollars from the operation.

What did Storm-1152's customers do with fake accounts?

The group's customers have used fake email accounts for a variety of crimes, according to Microsoft and Arkose Labs.

These include phishing attacks to either steal information or insert malware on devices.

Its customers have also used these accounts to install ransomware and demand payment from victims, according to Microsoft.

The highest-profile customer named in Microsoft's court filing is a group known as Octo Tempest, which has been linked to a wave of cybercrimes in recent years.

Read also

Netflix releases vast viewing data for first time

Octo Tempest recently launched ransomware attacks against Microsoft customers that "inflicted hundreds of millions of dollars of damage", the company said in its court filing, without naming the victims.

Google and X, formerly known as Twitter, have also been hit by Storm-1152 activities, Microsoft said in the filing.

Was it hard to find Storm-1152?

Unlike many cybercriminals that offer such services on the so-called dark web, hidden away from general users, Storm-1152's websites were on the open web.

It offered its services on at least two websites, according to Microsoft, and even had step-by-step user guides.

Duong Dinh Tu, one of the defendants, also had a YouTube channel with a video demonstration, and the group would edit the code for their anti-CAPTCHA software on GitHub -- a Microsoft-owned internet depository for software.

Microsoft said it also hired cybercrime experts to make undercover purchases of accounts and CAPTCHA-beating tools from Storm-1152 websites.

Read also

Threads countdown teases app's potential EU launch

A US court allowed Microsoft to take control of the group's sites in response to the company's complaint last week.

The sites now say: "This Domain has been seized by Microsoft."

Source: AFP

Authors:
AFP avatar

AFP AFP text, photo, graphic, audio or video material shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium. AFP news material may not be stored in whole or in part in a computer or otherwise except for personal and non-commercial use. AFP will not be held liable for any delays, inaccuracies, errors or omissions in any AFP news material or in transmission or delivery of all or any part thereof or for any damages whatsoever. As a newswire service, AFP does not obtain releases from subjects, individuals, groups or entities contained in its photographs, videos, graphics or quoted in its texts. Further, no clearance is obtained from the owners of any trademarks or copyrighted materials whose marks and materials are included in AFP material. Therefore you will be solely responsible for obtaining any and all necessary releases from whatever individuals and/or entities necessary for any uses of AFP material.