Storm-1152: Microsoft defends itself with domain deletions 

B2B Cyber ​​Security ShortNews

Share post

Microsoft is using domain deletions to stop the activities of the Storm-1152 group, which sells fraudulent Microsoft accounts and security circumvention tools. 750 million Microsoft accounts have already been put up for sale, bringing the group millions in revenue.

Storm-1152 operates illegal websites and social media pages and sells fraudulent Microsoft accounts and identity verification software bypass tools on popular technology platforms. These services reduce the amount of time and effort criminals need to commit a variety of criminal and abusive behaviors online. To date, Storm-1152 has put around 750 million fraudulent Microsoft accounts up for sale, earning millions.

Microsoft's disruption strategy

On Thursday, December 7, Microsoft obtained a court order from the Southern District of New York to seize the US-based infrastructure and take websites used by Storm-1152 offline by seizing the domains. Analysis of Storm-1152's activities included detection, analysis, telemetry, covert mystery purchases, and reverse engineering to locate the malicious infrastructure hosted in the United States. Microsoft Threat Intelligence and the Arkose Cyber ​​Threat Intelligence Research Unit (ACTIR) provided additional data and insights to strengthen our legal case.

As part of the investigation, Microsoft was able to confirm the identities of the actors leading Storm-1152's operations - Duong Dinh Tu, Linh Van Nguyễn (also known as Nguyễn Van Linh) and Tai Van Nguyen - based in Vietnam. The findings show that these individuals operated and wrote the code for the illegal websites, posted detailed step-by-step instructions on how to use their products in video tutorials, and provided chat services to assist those who used their fraudulent sites Use services. Microsoft has now filed a criminal complaint with US law enforcement authorities.

Continuous commitment to the fight against cybercrime

The current action is a continuation of Microsoft's strategy to target the broader ecosystem and the tools cybercriminals use to launch their attacks. Microsoft has also worked with other organizations in the industry to improve the sharing of fraud information and to further improve the artificial intelligence and machine learning algorithms that quickly identify and flag fraudulent accounts.

While the current legal action will impact Storm-1152's operations, Microsoft expects other threat actors to adapt their techniques as a result. Continued collaboration between the public and private sectors remains essential if Microsoft is to continue to effectively mitigate the impact of cybercrime.

More at


About Microsoft Germany

Microsoft Deutschland GmbH was founded in 1983 as the German subsidiary of Microsoft Corporation (Redmond, USA). Microsoft is committed to empowering every person and company in the world to achieve more. This challenge can only be mastered together, which is why diversity and inclusion have been firmly anchored in the corporate culture from the very beginning.

As the world's leading manufacturer of productive software solutions and modern services in the age of intelligent cloud and intelligent edge, as well as a developer of innovative hardware, Microsoft sees itself as a partner to its customers to help them benefit from the digital transformation. Security and data protection have top priority when developing solutions. As the world's largest contributor, Microsoft is driving open source technology through its leading developer platform GitHub. With LinkedIn, the largest career network, Microsoft promotes professional networking worldwide.


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more