Microsoft seizes websites that created 750 million fake accounts

2023-12-15

Microsoft took down Hotmailbox.me (a marketplace for fraudulent Microsoft Outlook accounts), 1stCaptcha, AnyCaptcha and NoneCaptcha, which sold identity verification bypass tools, as well as the social media sites used to market these services.

Silhouettes of laptop users are seen next to a screen projection of Microsoft logo in this picture illustration taken March 28, 2018. REUTERS file photo

Microsoft foiled a Vietnam-based threat group that has created 750 million fraudulent Microsoft accounts, the company announced. Earlier, it received a court order issued by the Southern District of New York. The order allowed the company to seize U.S.-based infrastructure and websites used by the cybercrime-as-a-service group, known as Storm-1152. Microsoft said the group is the "number one seller and creator of fraudulent Microsoft accounts," Forbes reports.

Microsoft took down Hotmailbox.me (a marketplace for fraudulent Microsoft Outlook accounts), 1stCaptcha, AnyCaptcha and NoneCaptcha, which sold identity verification bypass tools, as well as the social media sites used to market these services, US media reported.

"Storm-1152 runs illicit websites and social media pages, selling fraudulent Microsoft accounts and tools to bypass identity verification software across well-known technology platforms," wrote Amy Hogan-Burney, general manager and associate general counsel of cybersecurity policy and protection for Microsoft. "These services reduce the time and effort needed for criminals to conduct a host of criminal and abusive behaviors online."

The group is at the heart of the cybercrime-as-a-service ecosystem, supplying huge numbers of accounts to cybercriminals that then use them for phishing, spamming, ransomware and other types of fraud and abuse, Microsoft said.

Microsoft identified some of the criminals using Storm-1152 accounts, including Octo Tempest, also known as Scattered Spider, a financially motivated cybercrime group that leverages broad social engineering campaigns to compromise organizations around the world. Others include ransomware groups Storm-0252 and Storm-0455.

"Storm-1152 is a formidable foe established with the sole purpose of making money by empowering adversaries to commit complex attacks," said Kevin Gosschalk, founder and CEO of Arkose Labs, which worked with Microsoft on the investigation, Forbes added.

Microsoft submitted a criminal referral to U.S. law enforcement, the company said. It added that it's been able to identify the individuals who operated and wrote the code for the illicit websites, published detailed step-by-step instructions on how to use their products via video tutorials and provided chat services to assist those using their fraudulent services. 


