Criminals Created 750 Million Fraudulent Microsoft Accounts
A U.S. federal court, at the behest of Microsoft, seized multiple domains used by a Vietnamese cybercrime group that created 750 million fraudulent Microsoft accounts while raking in millions of dollars in illicit revenue.
On Dec. 7, Microsoft obtained a court order, unsealed Wednesday, temporarily seizing four domains that supported a scheme for selling cybercriminals access to email accounts opened in the name of fictitious users. The threat actor, tracked by Microsoft as Storm-1152, also sold services to bypass CAPTCHA restraints on automated online activity.
The order will become permanent if the defendants, three Vietnamese men, fail to respond to the order by appearing in the U.S. District Court for the District of Southern New York. Storm-1152 has been active since at least 2021. The individuals allegedly operated and authored the code for illicit websites, published detailed step-by-step instructions on how to use their products via video tutorials and offered chat services to aid users with their fraudulent services.
Microsoft Threat Intelligence said it detected multiple criminal groups engaged in ransomware, data theft and extortion that are customers of Storm-1152. One such group is Octo Tempest, also recognized as Scattered Spider (see: Meet Octo Tempest, ‘Most Dangerous Financial’ Hackers).
“Microsoft is actively monitoring various other ransomware and extortion threat actors who have procured fraudulent accounts from Storm-1152 to augment their attack strategies, including Storm-0252 and Storm-0455,” said Amy Hogan-Burney, general manager, associate general counsel, cybersecurity policy and protection at Microsoft.
Microsoft’s Digital Crimes Unit disrupted:
- Hotmailbox.me, a website selling fraudulent Microsoft Outlook accounts;
- 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA, websites that facilitate the tooling, infrastructure, and selling of the CAPTCHA solve service to bypass the confirmation of use and account setup by a real person. These sites sold identity verification bypass tools for other technology platforms; and,
- Social media activity actively used to market these services.