Security News > 2023 > December > Cybercrime operation that sold millions of fraudulent Microsoft accounts disrupted
Microsoft disrupted an alleged threat actor group that built viable cybercrime-as-a-service businesses.
Dubbed Storm-1152 by Microsoft, the group bilked enterprises and consumers globally out of millions of dollars.
The group's CaaS business initially sold fraudsters ready-made, rote solver services for CAPTCHAs, which are the most effective security technology solutions to distinguish malicious bot attacks from genuine human consumers' activities.
It later pivoted its business model, deploying bots to register phony Microsoft accounts using fictitious usernames and then selling the fake accounts in bulk to other fraudsters so that they could use the accounts for a wide variety of online attacks, like phishing, malware, romance scams, in-product abuse, etc.
Storm-1152 earned millions of dollars through these illicit activities, predicate offenses to financial crimes like money laundering.
"ACTIR observed anomalies in Microsoft account-creation traffic, including creating accounts at a scale so large, fast, and efficient that it could have only been carried out through automated, machine-learning technology versus human actions," said Arkose Labs Chief Customer Officer Patrice Boffa.