Microsoft busts cybercriminal gang behind 750 million fraudulent accounts

Microsoft busts cybercriminal gang behind 750 million fraudulent accounts

Microsoft’s digital crime department has seized several domains used by a Vietnamese cybercriminal group (Storm-1152). It registered more than 750 million fraudulent accounts and made millions of dollars by selling them online to other cybercriminals. This is reported by Bleeping Computer.

Storm-1152 is the number one seller of rogue Outlook accounts, as well as other illegal “products” including an automated CAPTCHA analysis service to bypass Microsoft’s CAPTCHA challenges and register more rogue email accounts.

“Storm-1152 operates illegal websites and social media pages, sells fraudulent Microsoft accounts and tools to bypass identity verification software on popular technology platforms. These services reduce the time and effort required by criminals to commit a range of criminal and offensive activities online.” said Amy Hogan-Burney, general manager of digital crime at Microsoft.

“Since at least 2021, the defendants engaged in a scheme to obtain millions of Microsoft Outlook email accounts in the names of fictitious users based on a series of misrepresentations, and then sold these fraudulent accounts to criminals for use in various types of cybercrime.” – the complaint states.

According to Microsoft Threat Intelligence, numerous cyber groups involved in ransomware, data theft, and extortion have purchased and used accounts provided by Storm-1152 in their attacks.

For example, the financially motivated cybercriminal groups Storm-0252, Storm-0455, and Octo Tempest (known as Scattered Spider) used rogue Storm-1152 accounts to infiltrate organizations around the world and deploy ransomware on their networks.

The disruptions caused by the attacks have cost Microsoft hundreds of millions of dollars.

“Based on information and belief, evidence gathered during Microsoft’s investigation of this case indicates that Microsoft email accounts fraudulently obtained by Defendants and sold to cybercriminals were used by organized cybercriminal groups known to Microsoft as Storm-0252, Storm- 0455 and Octo Tempest, to engage in cybercrime, including phishing email scams. They are often used as a means of distributing ransomware and other malware.” – is added to the complaint.

On December 7, Microsoft seized the US infrastructure of Storm-1152 and removed the following websites after obtaining a court order from the Southern District of New York:

  • is a website that sells fraudulent Microsoft Outlook accounts.
  • 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA are websites that help you bypass verification of use and account setup by a real person.
  • Social networking sites that are actively used to promote these services.

The company also sued Duong Dinh Tu, Linh Van Nguyen (a.k.a. Nguyen Van Linh) and Tai Van Nguyen for their alleged involvement in running a cybercriminal operation on the seized domains.

As the complaint further alleges, the defendants managed and developed the code for the seized websites. In addition, they were involved in publishing video tutorials on using fraudulent Outlook accounts and offered chat support to “customers” using their fraudulent services.

“Today’s action is a continuation of Microsoft’s strategy to combat the broader cybercriminal ecosystem and target the tools cybercriminals use to launch their attacks. It is based on our expansion of a legitimate method that has been successfully used to disrupt malware and nation-state operations.” Amy Hogan-Burney said.

Previously, ProIT covered the best new features of Microsoft .NET 8.

Subscribe to ProIT on Telegram so you don’t miss a post!

Related posts