Microsoft Targets Prolific Outlook Fraudster Storm-1152

Microsoft has gone after a prolific Vietnam-based threat group it describes as “the number one seller and creator” of fake accounts.

Storm-1152 has made millions from the creation of an estimated 750 million fraudulent Microsoft accounts that play a key role in the cybercrime ecosystem, the Redmond giant said.

“With companies able to quickly identify and shut down fraudulent accounts, criminals require a greater quantity of accounts to circumvent mitigation efforts. Instead of spending time trying to create thousands of fraudulent accounts, cybercriminals can simply purchase them from Storm-1152 and other groups,” Microsoft said.

“This allows criminals to focus their efforts on their ultimate goals of phishing, spamming, ransomware, and other types of fraud and abuse. Storm-1152 and groups like them enable scores of cybercriminals to carry out their malicious activities more efficiently and effectively.”

As part of its disruption efforts, Microsoft obtained a court order to take down US-based websites and infrastructure used by the group. These included:

  • A website selling fraudulent Microsoft Outlook accounts
  • 1stCAPTCHA, AnyCAPTCHA and NoneCAPTCHA, websites that sell CAPTCHA solve services for identity verification bypass
  • Social media sites used to market the above services

Kevin Gosschalk, CEO of Arkose Labs, which helped Microsoft with its takedown efforts, described Storm-1152 as a “formidable foe” that enables complex cyber-attacks.

“The group is distinguished by the fact that it built its cybercrime-as-a-service business in the light of day versus on the dark web,” he added. “Storm-1152 operated as a typical internet going-concern, providing training for its tools and even offering full customer support. In reality, Storm-1152 was an unlocked gateway to serious fraud.”

As part of its efforts, Microsoft unmasked the actors leading Storm-1152: Duong Dinh Tu, Linh Van Nguyễn and Tai Van Nguyen.
