Microsoft disclosed on Wednesday (12 13) that it cracked the creation of 7The 500 million Outlook hacking group Storm-1152 has taken over the domain name used by Storm-1152, shut down the 1stCaptcha, AnyCaptcha, and NoneCaptcha** used by Storm-1152 to bypass the Captcha Turing test, and shut down the social ** fan page used by Storm-1152.
According to Microsoft's complaint to the court, STORM-1152 specializes in selling fake Outlook accounts for use by criminal organizations, providing Cybercrime as a Service (CAAS), and hackers use bots to create a large number of Outlook accounts, which are registered in a short period of time (within 4 hours) and are constantly checked for availability before **.
Rather than creating thousands of fake Outlook accounts on their own and risking being shut down by Microsoft, STORM-1152's customers range from ransomware syndicates, infotheft and financial extortion groups, which sell for less than 1 cent per account.
In addition to selling Outlook accounts on Storm-1152, it also provides tools that can be used to bypass authentication software from well-known technology platforms, including 1stcaptcha, anycaptcha, and nonecaptcha.
Arkose Labs, which specializes in detecting platform abuse, points out that the CaaaS model is overwhelming even experienced in-house security operations centers with the volume and speed at which they commit fraud, and that CaaaS is one of the reasons for the 167% increase in bot attacks this year.
Kevin Gosschalk, founder and CEO of Arkose Labs, said that Storm-1152 is unique in that it created a CaaS business in broad daylight, rather than using the dark web, and presented itself as a sustainable online business with full customer support.
Microsoft, for its part, says that to date STORM-1152 has been created 7With 500 million fraudulent Microsoft accounts earning millions of dollars in illicit revenue, which could be used to perform phishing, identity theft, or distributed denial-of-service attacks, the future will be designed to increase the cost of business and slow down hackers' attacks. In addition, Microsoft has confirmed that Storm-1152 is based in Vietnam, and has confirmed the identity of 3 of its members.