Microsoft has successfully taken action against a cybercrime group known as Storm-1152 [2], based in Vietnam [4] [6]. This group was involved in selling fraudulent Microsoft accounts and tools to bypass Captcha software, resulting in millions of dollars in illicit activities [1].


To combat Storm-1152, Microsoft obtained a court order allowing it to seize US-based infrastructure and websites used by the group [3]. With the assistance of cybersecurity company Arkose Labs [6], Microsoft dismantled the group’s infrastructure by seizing four websites involved in selling fraudulent Microsoft Outlook accounts and Captcha-solving services. This takedown not only disrupted Storm-1152’s activities but also impacted the hacking campaigns of other cybercrime groups, including Scattered Spider [5] [6].

Microsoft also identified some of the criminals using Storm-1152 accounts [3], such as the financially motivated cybercrime group Octo Tempest. This group earned millions of dollars by selling fake Microsoft accounts and providing support services [3]. Microsoft has submitted a criminal referral to US law enforcement and warns of potential adaptations by other threat actors in response to this takedown [3].


Microsoft’s actions against Storm-1152 are part of their broader strategy to target the cybercriminal ecosystem and enhance fraud detection algorithms. By working with Arkose Labs [4], they aim to deter criminal behavior and increase the cost of cybercriminal attacks [4]. This successful operation highlights the importance of collaboration and serves as a warning to those who harm Microsoft’s customers that they will be brought to justice.