December 14, 2023 at 06:24AM
Microsoft announced the dismantling of Storm-1152, a cybercrime-as-a-service network that generated 750 million fraudulent Microsoft accounts for phishing and other criminal activities. The illicit group made millions by selling these accounts and tools to other cybercrime groups, prompting Microsoft to seize their infrastructure and reveal the identities of key operators. Actions were supported by Arkose Labs and reported to law enforcement.
From the provided meeting notes, it appears that Microsoft announced the successful disruption of Storm-1152, a cybercrime-as-a-service (CaaS) ecosystem involved in creating fraudulent Microsoft accounts for phishing, identity theft, and other criminal activities. Microsoft, with assistance from Arkose Labs, gathered intelligence on Storm-1152 and obtained a court order to seize its US-based infrastructure, including domains and social media accounts promoting illicit services.
The CaaS’s customers, such as Octo Tempest and other ransomware or extortion groups, utilized the fraudulent accounts for criminal activities. Microsoft additionally revealed the identities of three individuals believed to be operating Storm-1152, all based in Vietnam. The company filed a lawsuit against these individuals, with support from Arkose Labs, and reported their findings to law enforcement.
This action follows successful takedowns of other cybercrime groups and services, demonstrating Microsoft’s commitment to protecting its customers and disrupting criminal activities.