In a significant cybersecurity operation, Microsoft successfully dismantled a cybercrime group known as Storm-1152, responsible for creating and distributing about 750 million counterfeit Microsoft accounts. Storm-1152 operated through websites and social media, offering fake accounts and tools designed to evade identity verification on major tech platforms.
The fake accounts produced by Storm-1152 were integral to various cybercrimes, as criminals increasingly need numerous accounts to bypass the swift actions of companies in shutting down fraudulent activities. These accounts facilitated a range of illegal activities, including phishing, spamming, ransomware, and other fraudulent schemes.
Notably, Storm-1152 had connections with Scattered Spider, a hacking gang implicated in the recent MGM Resorts hack. Microsoft’s crackdown on Storm-1152, in collaboration with Arkose Labs, culminated on December 7 with a court-ordered seizure of the group’s US-based infrastructure and shutdown of its websites, following an investigation by the Southern District of New York court.
Three individuals from Vietnam, identified as leaders of Storm-1152, are now facing criminal charges. Arkose Labs’ CEO highlighted Storm-1152’s unique approach, operating openly as a cybercrime-as-a-service business, complete with customer support and training, thus marking a bold evolution in the landscape of cybercrime.