A cyber-attack enabling business known as Greasy Opal has been discovered [1], offering CAPTCHA-solving services to cyber threat actors [1].
Description
Greasy Opal’s CAPTCHA-bypassing tool is described as fast and efficient [1], leveraging advanced computer vision technology and machine-learning algorithms [2]. The group’s yearly revenues were estimated at $1.7 million in 2023 [1]. Greasy Opal’s customers include individual attackers [1], browser automation software providers [1], and cybercriminals using the tool to create fake Microsoft accounts. Storm-1152 [2], a threat actor group [2], utilized Greasy Opal to create 750 million fake Microsoft accounts [2], highlighting the tool’s ability to breach security measures and brute-force servers. While the group’s technology is efficient [1], it has a weakness in scalability due to outdated hardware architecture [1]. Companies are advised to check if their name appears on a list provided in the report’s appendix to determine if they are being targeted by Greasy Opal’s tools [1].
Conclusion
The use of Greasy Opal’s CAPTCHA-bypassing tool poses significant security risks, as demonstrated by the creation of millions of fake Microsoft accounts by threat actor groups. Companies should take proactive measures to protect their systems and data from such cyber threats, including updating their security measures and monitoring for any suspicious activity. The discovery of Greasy Opal highlights the ongoing challenges in cybersecurity and the need for constant vigilance and adaptation to evolving threats.
References
[1] https://www.infosecurity-magazine.com/news/captcha-solving-cybercriminals/
[2] https://www.darkreading.com/cyberattacks-data-breaches/cybercriminals-tap-greasy-opal-to-create-750m-fake-microsoft-accounts