
Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

Microsoft’s Digital Crimes Unit seized multiple domains used by cybercrime group Storm-1152 to sell fraudulent Outlook accounts.

Microsoft’s Digital Crimes Unit seized multiple domains used by a cybercrime group, tracked as Storm-1152, to sell fraudulent accounts.

Storm-1152 operates illicit websites and social media pages, selling fake Microsoft accounts and tools to bypass identity verification software on popular technology platforms.

“These services reduce the time and effort needed for criminals to conduct a host of criminal and abusive behaviors online,” reads the announcement published by Microsoft. “To date, Storm-1152 created for sale approximately 750 million fraudulent Microsoft accounts, earning the group millions of dollars in illicit revenue, and costing Microsoft and other companies even more to combat their criminal activity.”

On Thursday, December 7, the IT giant obtained a court order from the Southern District of New York to seize the infrastructure in the US used by the threat actors and take the websites offline.

The company pointed out that its initiative was aimed at preventing fraudulent activities involving Microsoft accounts; however, the websites were also selling fraudulent accounts for other well-known technology platforms.

Microsoft’s Digital Crimes Unit disrupted the following domains:

  • Hotmailbox.me, a website selling fraudulent Microsoft Outlook accounts
  • 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA, websites that facilitate the tooling, infrastructure, and selling of the CAPTCHA solve service to bypass the confirmation of use and account setup by a real person. These sites sold identity verification bypass tools for other technology platforms
  • The social media sites actively used to market these services

The services provided by Storm-1152 allowed threat actors to carry out their malicious activities more efficiently. Microsoft identified multiple groups using Storm-1152 accounts for malicious activities, including ransomware attacks, data theft, and extortion.

Some of the groups that obtained fraudulent Microsoft accounts from Storm-1152 are Octo Tempest (aka Scattered Spider), Storm-0252, and Storm-0455.

Microsoft also identified Duong Dinh Tu, Linh Van Nguyen (a/k/a Nguyen Van Linh), and Tai Van Nguyen as key figures of the group Storm-1152.

The individuals developed and operated the websites; they also published video tutorials on how to use their products and provided chat services to their customers.

“Microsoft has since submitted a criminal referral to U.S. law enforcement. We are grateful for our partnership with law enforcement who can bring those looking to harm our customers to justice,” concludes the announcement.

“As we’ve said before, no disruption is complete in one day. Going after cybercrime requires persistence and ongoing vigilance to disrupt new malicious infrastructure. While today’s legal action will impact Storm-1152’s operations, we expect other threat actors will adapt their techniques as a result.”

Pierluigi Paganini

(SecurityAffairs – hacking, Storm-1152)