August 23, 2024 at 10:05AM
Greasy Opal, a long-time developer, supplies a tool for cybercrime-as-a-service, allowing bot-led CAPTCHA solving at scale. Tailoring its software to customers’ needs, it serves various threat actors including Storm-1152. The developer markets its CAPTCHA bypass tool, generating substantial revenue and paying taxes, despite its awareness of illegal use. Its tools have targeted government and technology services globally.
From the provided meeting notes, it is evident that a developer known as Greasy Opal has been operating for nearly two decades, supplying cybercrime-as-a-service industry with a tool that bypasses account security solutions and enables bot-led CAPTCHA solving at scale. Greasy Opal tailors its tools based on customers’ targeting needs and has been used to target governments and various technology companies and services. Among its customers is the Vietnam-based cybercrime group known as Storm-1152, which created millions of Microsoft accounts to sell to various threat actors.
The company provides both a free and a paid version of its CAPTCHA solver, with the paid version claiming 90-100% image identification accuracy and the ability to recognize objects in less than a second. Customers purchasing the toolkit can also upgrade to the beta version for an additional fee. The most expensive package costs $190 plus a monthly subscription, and it’s estimated that Greasy Opal had a revenue of at least $1.7 million last year from hundreds of individual attackers using the tools.
Despite claiming legitimate business operations and paying taxes, Greasy Opal’s primary motivation appears to be financial, with little regard for the illegal activities its tools are used for. The actor’s role in the cybercriminal supply chain is significant, as it knowingly enables low-skill threat actors to automate massive attacks against businesses worldwide.
In addition to the tools for spamming and promoting content on social networks, Greasy Opal’s CAPTCHA solver is found to have been developed to target specific organizations, including public and government services in Russia, Brazil, and the U.S., as well as prominent tech entities like Amazon, Apple, and Facebook. The company is noted to be operating from the Czech Republic and is described as a “very intelligent, low-ethics” developer of software.
Overall, based on the meeting notes, it’s clear that Greasy Opal’s operations have significant implications for cybersecurity and businesses targeted by its tools.