Microsoft dismantles cybercrime group Storm-1152

According to BleepingComputer , Storm-1152 has registered more than 750 million fraudulent accounts and made millions of dollars selling them to criminal groups. It is a provider of criminal services and fraudulent Outlook accounts, as well as services such as automatically solving CAPTCHAs to bypass authentication and registering multiple email accounts from Microsoft.

Storm-1152 operates websites and social media pages to sell fraudulent accounts and tools that bypass identity verification software on popular technology platforms. These services help criminals reduce the time and effort required to commit a variety of online crimes, said the general manager of Microsoft's Digital Crimes Unit.

Microsoft says that since 2021, the group has been involved in a scheme to obtain millions of Microsoft Outlook email accounts under the names of fictitious users, then sell them to other groups for use in various forms.

According to Microsoft Threat Intelligence, multiple criminal groups involved in ransomware distribution and extortion have purchased and used accounts provided by Storm-1152. The Storm-0252, Storm-0455, and Octo Tempest (also known as Scattered Spider) criminal gangs have used accounts from Storm-1152 to infiltrate organizations around the world and deploy ransomware. The resulting service disruptions have resulted in hundreds of millions of dollars in damages, Microsoft estimates.

On December 7, Microsoft seized the infrastructure of US-based Storm-1152 and took down the websites after receiving a court order in New York, including the website selling fraudulent Microsoft Outlook accounts hotmailbox.me, websites supporting tools, infrastructure and selling CAPTCHA solving and identity verification bypass services for other technology platforms, as well as social media pages used to market these services.

The company also sued Duong Dinh Tu, Nguyen Van Linh, and Nguyen Van Tai for participating in organizing cybercrime activities on the seized domains. The defendants managed and developed the source code for the seized websites. They also participated in publishing instructional videos on how to use fraudulent Outlook accounts and providing chat support to other criminals using their fraudulent services.