What is Storm-1152, alleged top creator of fake Microsoft accounts sold to cybercriminals? | Tech News

What is Storm-1152, alleged top creator of fake Microsoft accounts sold to cybercriminals?

Microsoft has seized the websites of a Vietnam-based group it alleges sold millions of fake accounts to cybercriminals who used them for ransomware attacks, identity theft and other scams around the world.

By:AFP
| Updated on: Dec 16 2023, 06:59 IST
Microsoft to unveil new Copilot features! DALL-E 3 to GPT-4 Turbo, check benefits now
Microsoft
1/6 Microsoft’s take on bringing AI services to their customer has drastically shifted over the years. First, the company introduced the generative AI tool called Bing Chat. Now, Microsoft has announced an umbrella of AI features under Microsoft Copilot. The company also announced the new upcoming features to the platform for 2024. (Microsoft)
image caption
2/6 GPT-4 Turbo: Microsoft has revealed that the copilot will be integrated with OpenAI's latest model, GPT-4 Turbo. This will immensely benefit users to generate advanced responses along with managing complex and longer tasks. After the testing of the feature is complete, it will be rolled out to users in the coming weeks.  (Microsoft)
Microsoft
3/6 Advanced DALL-E 3 Model: With  DALL-E 3, the copilot will be able to generate even higher-quality images. It is said to generate accurate images based on the prompts given to the system. The feature has already been available to users on Microsoft Paint. (Microsoft)
Microsoft
4/6 Multi-Modal with Search Grounding: Microsoft is integrating the capabilities of GPT-4 to vision alongside Bing image search and web search data for better image interpretation and understanding. This will enable users to get better image queries. The feature will soon be made available to the users.  (Microsoft)
Microsoft
5/6 Deep Search: With GPT-4, Deep search will enable users to get optimized search results for complex topics. The feature broadens search queries and provides more comprehensive descriptions with relevant results. (Microsoft)
Microsoft
6/6 Additionally, there are two new features such as Inline Compose with rewrite menu which enable users to rewrite website data. The other feature is a Code Interpreter which is designed to perform complex tasks such as writing codes, data analysis, visualization, math and more.  (Microsoft)
Microsoft
icon View all Images
The group, identified by Microsoft as Storm-1152, developed sophisticated tools to defeat the US tech giant's security features to set up fraudulent Outlook and Hotmail email accounts in bulk. (Reuters)

Microsoft has seized the websites of a Vietnam-based group it alleges sold millions of fake accounts to cybercriminals who used them for ransomware attacks, identity theft and other scams around the world. The group, identified by Microsoft as Storm-1152, developed sophisticated tools to defeat the US tech giant's security features to set up fraudulent Outlook and Hotmail email accounts in bulk.

Who is in Storm-1152?

Storm-1152 was first detected in 2021. Arkose Labs, the cybersecurity firm that worked with Microsoft against the group, tracked it to Vietnam.

You may be interested in

MobilesTablets Laptops
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

The leaders of the group are three Vietnam-based individuals, Duong Dinh Tu, Linh Van Nguyen and Tai Van Nguyen, Microsoft said in a statement on Wednesday. It is not clear if there are any other members.

Also read
Looking for a smartphone? To check mobile finder click here.

AFP has asked the three for a response on email addresses listed in Microsoft's complaint against them in a US federal court last week.

AFP has also contacted Vietnamese authorities for comment.

How did they make millions of accounts so rapidly?

Storm-1152 developed automated software -- or "bots" -- to create fake accounts.

These bots defeated Microsoft's safeguards, such as the CAPTCHA puzzles users have to solve to prove they are human, the tech giant said in its court filing.

Storm-1152 is "the number one seller and creator of fraudulent Microsoft accounts", creating around 750 million to date, the company said Wednesday.

Microsoft's court filing included a screenshot of a Storm-1152 website that boasts the use of artificial intelligence against CAPTCHA.

The group created accounts "at a scale so large, fast, and efficient that it could have only been carried out through automated, machine-learning technology", Patrice Boffa, chief customer officer at Arkose Labs, said in a statement.

Who needs so many fake email accounts?

Storm-1152 pursued a model called "cybercrime-as-a-service" or CaaS, acting as a provider to other criminal groups, Microsoft and Arkose said.

With tech companies improving their detection and deletion of fake accounts, cyber attackers need huge amounts to carry out their operations.

"Instead of spending time trying to create thousands of fraudulent accounts, cybercriminals can simply purchase them from Storm-1152 and other groups," Microsoft's Amy Hogan-Burney said in a blog post.

Storm-1152 allegedly made millions of dollars from the operation.

What did Storm-1152's customers do with fake accounts?

The group's customers have used fake email accounts for a variety of crimes, according to Microsoft and Arkose Labs.

These include phishing attacks to either steal information or insert malware on devices.

Its customers have also used these accounts to install ransomware and demand payment from victims, according to Microsoft.

The highest-profile customer named in Microsoft's court filing is a group known as Octo Tempest, which has been linked to a wave of cybercrimes in recent years.

Octo Tempest recently launched ransomware attacks against Microsoft customers that "inflicted hundreds of millions of dollars of damage", the company said in its court filing, without naming the victims.

Google and X, formerly known as Twitter, have also been hit by Storm-1152 activities, Microsoft said in the filing.

Was it hard to find Storm-1152?

Unlike many cybercriminals that offer such services on the so-called dark web, hidden away from general users, Storm-1152's websites were on the open web.

It offered its services on at least two websites, according to Microsoft, and even had step-by-step user guides.

Duong Dinh Tu, one of the defendants, also had a YouTube channel with a video demonstration, and the group would edit the code for their anti-CAPTCHA software on GitHub -- a Microsoft-owned internet depository for software.

Microsoft said it also hired cybercrime experts to make undercover purchases of accounts and CAPTCHA-beating tools from Storm-1152 websites.

A US court allowed Microsoft to take control of the group's sites in response to the company's complaint last week.

The sites now say: "This Domain has been seized by Microsoft."

 

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 16 Dec, 06:59 IST
Tags:
NEXT ARTICLE BEGINS