About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.

Microsoft Strikes Against Storm-1152 for Illegal Sale of Fake Outlook Credentials

Storm-1152 created 750 million fraudulent Microsoft accounts and earned millions illegally.
Cover Image Source: Photo by cottonbro studio | Pexels
Cover Image Source: Photo by cottonbro studio | Pexels

Microsoft's Digital Crimes Unit has taken action against Storm-1152, a Vietnam-based cybercrime group, per WIRED. This group, known for being a significant cybercrime-as-a-service provider, registered over 750 million fraudulent accounts and generated millions of dollars by selling them to other cybercriminals.

ISSY-LES-MOULINEAUX, FRANCE - JANUARY 25: The logo of the U.S. computer and micro-computing company, Microsoft is visible on the facade of its head office on January 25, 2023 in Issy-les-Moulineaux, France. A global bug affects many Microsoft services today, effects are seen by thousands of users in France. Several Microsoft services, including the Teams collaborative work tool or Outlook messaging, were unavailable worldwide this Wednesday morning due to outages still under investigation, the American group said on Twitter. (Photo by Chesnot/Getty Images)
The logo of Microsoft is visible on the facade of its head office in
Issy-les-Moulineaux, France. | Photo by Chesnot | Getty Images

Storm-1152 specialized in fraudulent Outlook accounts and offered illegal services, including an automatic CAPTCHA-solving service to bypass Microsoft's CAPTCHA challenges, enabling the creation of more fraudulent Microsoft email accounts. The group operated illicit websites and social media pages, facilitating the sale of these fraudulent accounts and tools to bypass identity verification software on various technology platforms. Amy Hogan-Burney, General Manager of Microsoft's Digital Crimes Unit, emphasized the impact of such services in streamlining criminal activities online. The complaint states that since 2021 (at least), the group has orchestrated a scheme involving the acquisition of millions of Microsoft Outlook email accounts under fictitious user names. These fraudulent accounts are then sold to malicious actors for deployment in various forms of cybercrime.

Image Source: Photo by Sora Shimazaki | Pexels
Ensuring cyber security (representative image)| Pexels/Photo by Sora Shimazaki 

As per Microsoft Threat Intelligence, multiple cybergroups involved in ransomware, data theft, and extortion have purchased and utilized accounts supplied by Storm-1152 in their attacks. Notably, financially-driven cybercrime gangs like Storm-0252, Storm-0455, and Octo Tempest (aka Scattered Spider) employed fraudulent accounts from Storm-1152 to infiltrate organizations globally, deploying ransomware on their networks. These attacks led to significant service disruptions, resulting in damages estimated by Microsoft to be in the hundreds of millions of dollars. Microsoft's investigation indicates that the fraudulently obtained Microsoft email accounts were used by organized cybercrime groups, including Storm-0252, Storm-0455, and Octo Tempest, for various cybercriminal activities, including email phishing scams, often used as a means to spread ransomware and other malware.

Image Source: Photo by Tatiana Syrikova | Pexels
Ensuring cyber security (representative image) | Photo by Tatiana Syrikova | Pexels

On December 7, 2023, Microsoft took decisive action against Storm-1152's U.S.-based infrastructure, following a court order from the Southern District of New York. The seized domains included:

-, a website selling fraudulent Microsoft Outlook accounts

- 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA, websites facilitating the tooling, infrastructure, and sale of CAPTCHA-solving services to bypass confirmation processes and account setups

- Social media sites actively used for marketing these services

Image Source: Photo by Sora Shimazaki |Pexels
Lawsuit (representative photo) | Pexels/ Photo by Sora Shimazaki

Microsoft also filed a lawsuit against Duong Dinh Tu, Linh Van Nguyen (a/k/a Nguyen Van Linh), and Tai Van Nguyen, alleging their involvement in hosting the cybercriminal operation on the seized domains. The complaint asserts that the defendants were responsible for managing and developing the code for the seized websites. They also created video guides on using fraudulent Outlook accounts and provided chat support to customers utilizing their illicit services. Microsoft's recent action is part of its ongoing strategy to combat the broader cybercriminal ecosystem by targeting the tools utilized in cyberattacks. This approach builds upon the company's successful use of legal methods to disrupt malware and nation-state operations, as highlighted by Hogan-Burney.