Microsoft takes down Vietnamese group behind 750 million fake accounts

By Minh Nga   December 15, 2023 | 03:31 am PT
Microsoft announced that it has dismantled a Vietnam-based group that created and sold 750 million fraudulent accounts to other hackers.

In an announcement published Thursday, Microsoft said it has identified three individuals and infrastructure behind Storm-1152, a group that runs illicit websites and social media pages, selling fraudulent Microsoft accounts and tools to bypass identity verification software across well-known technology platforms. 

These services streamline the process for criminals to engage in various illegal and harmful online activities.

To date, Storm-1152 has generated approximately 750 million fake Microsoft accounts, earning significant illegal profits, it said.

The company explained that Storm-1152 was integral to the cybercrime-as-a-service sector, providing essential fraudulent accounts for automated criminal activities.

With companies swiftly identifying and closing fake accounts, criminals need more accounts to bypass these defenses.

Rather than creating these accounts themselves, they purchase them from groups like Storm-1152. This service enables criminals to concentrate on activities like phishing, spamming, ransomware, and other fraudulent and abusive acts, making their operations more efficient and effective.

As part of its investigation, Microsoft has confirmed the identity of three individuals leading Storm-1152’s operations, Duong Dinh Tu, Nguyen Van Linh and Nguyen Van Tai, all based in Vietnam.

The YouTube channel supporting the Vietnamese group's service for creating fake accounts. Photo by Microsoft

"Our findings show these individuals operated and wrote the code for illicit websites, published detailed step-by-step instructions on how to use their products via video tutorials and provided chat services to assist those using their fraudulent services."

"Microsoft has since submitted a criminal referral to U.S. law enforcement," it said.

Microsoft said it has worked closely with Arkose Labs to deploy a next-generation CAPTCHA defense solution.

The solution requires every would-be user who wishes to open a Microsoft account to represent that they are a human being (not a bot) and verify the accuracy of that representation by solving various types of challenges.

Kevin Gosschalk, founder and CEO of Arkose Labs, which worked with Microsoft on the investigation, said: "Storm-1152 is a formidable foe established with the sole purpose of making money by empowering adversaries to commit complex attacks. Storm-1152 operated as a typical internet going-concern, providing training for its tools and even offering full customer support. In reality, Storm-1152 was an unlocked gateway to serious fraud."
