Microsoft’s Digital Crimes Unit (DCU) has successfully disrupted a cybercrime network responsible for registering and selling millions of fraudulent Outlook accounts. The operation, codenamed “Storm-1152,” targeted individuals and organizations worldwide, potentially facilitating various forms of online fraud and abuse.
The DCU seized multiple domains used by the network, effectively dismantling its infrastructure and hindering its ability to operate. The investigation revealed that the group, believed to be based in Vietnam, registered over 750 million fake Outlook accounts and sold them to other cybercriminals. These accounts were utilized for a range of malicious activities, including phishing campaigns, spam distribution, and financial fraud.
“Storm-1152 runs illicit websites and social media pages, selling fraudulent Microsoft accounts and tools to bypass identity verification software across well-known technology platforms. These services reduce the time and effort needed for criminals to conduct a host of criminal and abusive behaviors online,” according to Amy Hogan-Burney, the General Manager of Microsoft’s Digital Crimes Unit.
“Since at least 2021, the Defendants have been engaged in a scheme to obtain millions of Microsoft Outlook email accounts in the names of fictitious users based on a series of false representations, and then sell these fraudulent accounts to malicious actors for use in various types of cybercrime,” according to the complaint.
According to Microsoft Threat Intelligence, numerous cybergroups involved in ransomware, data theft, and extortion have bought and used accounts provided by Storm-1152 in their attacks.
