Member
- Joined
- Oct 14, 2023
- Messages
- 225
- Thread Author
- #1
750 million rubles. these accounts contributed to massive cybercrime on the web.
Microsoft has announced a massive operation against a cybercrime group known as Storm-1152, responsible for creating about 750 million fake Microsoft accounts. These accounts and their associated websites were used for various cyber crimes. This information was published on the company's official website.
The statement on the liquidation of the group came shortly after Microsoft received a New York court order allowing the company to withdraw the infrastructure and websites used by Storm-1152 located in the United States. Microsoft said that the actions of Storm-1152 significantly facilitated the conduct of malicious actions for a variety of cybercriminals.
The Storm-1152 group stood out from the rest due to its specialization in cybercrime as a service, offering fake Microsoft accounts and CAPTCHA circumvention services. According to Microsoft, the activities of Storm-1152 generated "millions of dollars in illegal revenue" and cost the company and other victims even more to fight their crimes.
The investigation also identified a number of individuals from Vietnam who played a key role in developing and maintaining websites related to Storm-1152's activities. These individuals created training videos and provided live chat support for their products while exploiting fake Microsoft accounts.
YouTube channel of a Vietnamese man with video instructions on how to circumvent security measures
Microsoft researchers also found that several ransomware and data theft groups used Storm-1152 accounts. In particular, it mentions Scattered Spider (UNC3944), a group of young hackers known for hacking large companies such as MGM Resorts and Caesars Entertainment.
Microsoft was able to withdraw hotmailbox[.]me, a website that sold Microsoft accounts from all over the world. A screenshot of the site shows that the accounts were sold for fractions of a cent. However, each account was unique and sold only once.
Screenshots of Storm-1152 sites
Microsoft said that the ability of companies to quickly identify and close fraudulent accounts forces criminals to look for new ways to bypass the security system. Buying accounts from groups like Storm-1152 allows them to focus their efforts on phishing, spam, extortion, and other types of fraud.
As part of the operation, several other services were also disrupted, including 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA. Microsoft collaborated with Arkose Labs to investigate and take action against the Storm-1152 group.
Microsoft has announced a massive operation against a cybercrime group known as Storm-1152, responsible for creating about 750 million fake Microsoft accounts. These accounts and their associated websites were used for various cyber crimes. This information was published on the company's official website.
The statement on the liquidation of the group came shortly after Microsoft received a New York court order allowing the company to withdraw the infrastructure and websites used by Storm-1152 located in the United States. Microsoft said that the actions of Storm-1152 significantly facilitated the conduct of malicious actions for a variety of cybercriminals.
The Storm-1152 group stood out from the rest due to its specialization in cybercrime as a service, offering fake Microsoft accounts and CAPTCHA circumvention services. According to Microsoft, the activities of Storm-1152 generated "millions of dollars in illegal revenue" and cost the company and other victims even more to fight their crimes.
The investigation also identified a number of individuals from Vietnam who played a key role in developing and maintaining websites related to Storm-1152's activities. These individuals created training videos and provided live chat support for their products while exploiting fake Microsoft accounts.

YouTube channel of a Vietnamese man with video instructions on how to circumvent security measures
Microsoft researchers also found that several ransomware and data theft groups used Storm-1152 accounts. In particular, it mentions Scattered Spider (UNC3944), a group of young hackers known for hacking large companies such as MGM Resorts and Caesars Entertainment.
Microsoft was able to withdraw hotmailbox[.]me, a website that sold Microsoft accounts from all over the world. A screenshot of the site shows that the accounts were sold for fractions of a cent. However, each account was unique and sold only once.

Screenshots of Storm-1152 sites
Microsoft said that the ability of companies to quickly identify and close fraudulent accounts forces criminals to look for new ways to bypass the security system. Buying accounts from groups like Storm-1152 allows them to focus their efforts on phishing, spam, extortion, and other types of fraud.
As part of the operation, several other services were also disrupted, including 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA. Microsoft collaborated with Arkose Labs to investigate and take action against the Storm-1152 group.