Microsoft took down infrastructure of Storm-1152 which created 750 million fraudulent Microsoft accounts

Key notes

  • Microsoft remains committed to providing a safe digital experience for all users.
  • In partnership with Arkose Labs, the company has implemented a next-generation CAPTCHA defense solution to ensure that account holders are human and not bots.

In a bold move against cybercrime, Microsoft, in collaboration with Arkose Labs, has targeted Storm-1152, a major player in the creation and sale of fraudulent Microsoft accounts. This group, which operates illicit websites and social media pages, has been a significant contributor to cybercrime, facilitating phishing, identity theft, fraud, and DDoS attacks.

Storm-1152 has reportedly generated around 750 million fraudulent Microsoft accounts, leading to substantial illicit revenue and causing significant costs for Microsoft and other companies in their efforts to combat this criminal activity. The group’s operations have been instrumental in the cybercrime-as-a-service ecosystem, providing criminals with a ready supply of fraudulent accounts to support their activities.

Microsoft’s actions aim to deter such criminal behavior by increasing the cost and slowing the speed of cybercriminal operations. The company has identified several groups involved in ransomware, data theft, and extortion that have utilized Storm-1152’s services, including Octo Tempest, also known as Scattered Spider.

On December 7, Microsoft secured a court order to seize U.S.-based infrastructure and disable websites used by Storm-1152. This action has wider implications, benefiting users beyond Microsoft’s customer base. The disrupted sites include Hotmailbox.me, a site selling fraudulent Microsoft Outlook accounts, and 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA, which sold tools to bypass identity verification on various technology platforms.

Microsoft remains committed to providing a safe digital experience for all users. In partnership with Arkose Labs, the company has implemented a next-generation CAPTCHA defense solution to ensure that account holders are human and not bots.

The individuals behind Storm-1152’s operations have been identified as Duong Dinh Tu, Linh Van Nguyễn, and Tai Van Nguyen, all based in Vietnam. These individuals have been found to operate and code the illicit websites, provide detailed instructions on using their products, and offer chat services to assist users of their fraudulent services.

Microsoft has submitted a criminal referral to U.S. law enforcement and continues to work towards disrupting the broader cybercriminal ecosystem. The company acknowledges that the fight against cybercrime requires persistence and ongoing vigilance, and is prepared for other threat actors to adapt their techniques in response to these actions. Microsoft emphasizes the importance of continued collaboration between public and private sectors in the fight against cybercrime.
