Microsoft seizes criminal websites used to make millions of fake Windows accounts

Image Credit: Shutterstock (Image credit: Shutterstock)

Microsoft has revealed plans to take down “the number one seller” of fraudulent accounts for its online platforms used for scams and online fraud.

Redmond says that the seller has been linked to a group it’s been tracking called Storm-1152. The ‘Storm’ prefix indicates that the group is new or in development, and hasn’t been observed much previously.

In a message of warning, Microsoft’s General Manager for Cybersecurity Policy & Protection, Amy Hogan-Burney, said: “We are watching, taking notice and will act to protect our customers.”

Microsoft goes after fraudulent account creator

The group promotes fraudulent Microsoft accounts and tools for bypassing identity verification software across other platforms on its websites and social media pages. The offerings are designed to reduce the amount of time and effort that criminals need to spend setting up their attack vector.

As many as 750 million fraudulent Microsoft accounts have been created by Storm-1152 to date, totalling millions of dollars in sales.

Microsoft says that the second-stage criminals – the ones that buy dodgy accounts from Storm-1152 – go on to carry out phishing, spamming, ransomware, and other fraud and abuse attacks.

The company even observed Octo Tempest, a well-documented financially motivated group, using Storm-1152’s fraudulent accounts in their social engineering campaigns.

On December 7, Microsoft was granted a court order from the Southern District of New York to seize infrastructure used by Storm-1152. The action took down the group’s website and social media pages, disrupting its service to illegal customers.

Microsoft reports using detection, analysis, telemetry, undercover test purchases, and reverse engineering to pinpoint the US-hosted malicious infrastructure. Together with Arkose Cyber Threat Intelligence, three Vietnamese individuals have been tied to the group, and a criminal referral has been submitted to US law enforcement.

Though Storm-1152 has been taken down, or at least hugely impacted, it’s likely that other groups are using, and will use, similar techniques. For Microsoft, a large part of the battle will forever be keeping on top of emerging threats.

More from TechRadar Pro

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!