Microsoft Takes Down Domains Selling Fake Outlook Accounts

Microsoft on Wednesday announced that it has seized illicit websites and social media pages belonging to Vietnam-based cybercrime group Storm-1152, which created approximately 750 million fraudulent Outlook accounts and earned millions of dollars in illegal revenue.

The Redmond giant calls Storm-1152, a cybercrime-as-a-service (CaaS) ecosystem, “the number one seller and creator of fraudulent Microsoft accounts,” which it sold online to other cybercriminals to bypass identity verification software across well-known technology platforms.

These accounts were used for several malicious activities, including mass phishing, identity theft and fraud, and distributed denial of service (DDoS) attacks.

“Storm-1152 runs illicit websites and social media pages, selling fraudulent Microsoft accounts and tools to bypass identity verification software across well-known technology platforms. These services reduce the time and effort needed for criminals to conduct a host of criminal and abusive behaviors online,” Amy Hogan-Burney, the General Manager of Microsoft’s Digital Crimes Unit (DCU), wrote in a blog post.

According to Microsoft, Octo Tempest, also known as Scattered Spider, is one of Storm-1152’s customers who obtained fraudulent Microsoft accounts to carry out social engineering attacks aimed towards financial extortion. Besides Octo Tempest, threat actors such as Storm-0252, Storm-0455, and other ransomware or extortion groups also purchased fraudulent accounts from Storm-1152.

On December 7, 2023, the Redmond giant obtained a court order from the Southern District of New York to seize the cybercrime ring’s U.S.-based infrastructure. The action built on intelligence about the CaaS, its activities and its infrastructure gathered by Microsoft and by bot management and account security firm Arkose Labs.

“Since at least 2021, the Defendants have been engaged in a scheme to obtain millions of Microsoft Outlook email accounts in the names of fictitious users based on a series of false representations, and then sell these fraudulent accounts to malicious actors for use in various types of cybercrime,” according to the complaint.

Based on the order, Microsoft took over domains such as Hotmailbox[.]me, 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA, as well as social media accounts that were used by Storm-1152 to harm the company’s customers and cause damages worth hundreds of millions of dollars.

The company has also sued three individuals – Duong Dinh Tu, Linh Van Nguyen (a/k/a Nguyen Van Linh), and Tai Van Nguyen – all based in Vietnam and believed to be operating Storm-1152.

“Our findings show these individuals operated and wrote the code for the illicit websites, published detailed step-by-step instructions on how to use their products via video tutorials and provided chat services to assist those using their fraudulent services,” added Amy Hogan-Burney.

“Today’s action is a continuation of Microsoft’s strategy of taking aim at the broader cybercriminal ecosystem and targeting the tools cybercriminals use to launch their attacks. It builds on our expansion of a legal method used successfully to disrupt malware and nation-state operations.”

Kavita Iyer