Cybercrime , Fraud Management & Cybercrime

Microsoft Seized Domains That Offered Fake Outlook Accounts

Criminals Created 750 Million Fraudulent Microsoft Accounts
Microsoft Seized Domains That Offered Fake Outlook Accounts
A U.S. court seized websites that allowed cybercriminals to bypass CAPTCHA tests. (Image: Shutterstock)

A U.S. federal court at the behest of Microsoft seized multiple domains used by a Vietnamese cybercrime group that created 750 million fraudulent Microsoft accounts while raking in millions of dollars in illicit revenue.

Microsoft on Dec. 7 obtained a court order, unsealed Wednesday, that temporarily seizes four domains that supported a scheme for selling cybercriminals access to email accounts opened in the name of fictitious users. The threat actor, tracked by Microsoft as Storm-1152, also sold services to bypass CAPTCHA restraints on automated online activity.

The order will become permanent if the defendants, three Vietnamese men, fail to respond to it by appearing in the U.S. District Court for the District of Southern New York. Storm-1152 has been active since at least 2021. The individuals allegedly operated and authored the code for illicit websites, published detailed step-by-step instructions on how to use their products via video tutorials and offered chat services to aid users with their fraudulent services.

Microsoft Threat Intelligence said it had detected multiple criminal groups engaged in ransomware, data theft and extortion that are customers of Storm-1152. One such group is Octo Tempest, also recognized as Scattered Spider (see: Meet Octo Tempest, 'Most Dangerous Financial' Hackers).

"Microsoft is actively monitoring various other ransomware and extortion threat actors who have procured fraudulent accounts from Storm-1152 to augment their attack strategies, including Storm-0252 and Storm-0455," said Amy Hogan-Burney, general manager, associate general counsel, cybersecurity policy and protection at Microsoft.

Microsoft's Digital Crimes Unit disrupted - a website selling fraudulent Microsoft Outlook accounts - and 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA - websites that facilitate the tooling, infrastructure and sale of the CAPTCHA solve service to bypass the confirmation of use and account setup by a real person. These sites sold identity verification bypass tools for other technology platforms. The unit also disrupted social media activity used to market these services.

About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.