Microsoft Takes Down Massive Cybercrime Operation Generating 750 Million Fraudulent Accounts

In a significant move against cybercrime, Microsoft has successfully dismantled a criminal enterprise responsible for generating approximately 750 million fraudulent Microsoft accounts. The operation was linked to a Vietnam-based group known as Storm-1152. Microsoft obtained a court order from the Southern District of New York, leading to the takedown of multiple websites associated with the illicit activities of this cyber threat group.

The Criminal Enterprise:

Revealing details in a blog post on December 13, Microsoft identified Storm-1152 as operating a criminal enterprise that utilized deception to breach Microsoft’s security measures. The group’s modus operandi involved creating fraudulent Microsoft Outlook email accounts and selling them to cybercriminals. These illicit accounts served as gateways for various cybercrimes, including mass phishing, identity theft, fraud, and distributed-denial-of-service attacks (DDoS). The financial toll of these activities has reached millions of dollars, necessitating substantial efforts from Microsoft and other companies to combat these criminal operations.


Seized Websites:

As part of the takedown, Microsoft seized several websites integral to Storm-1152’s operations. Notable among them was, a marketplace for fraudulent Microsoft Outlook accounts. Additionally, platforms like 1stCaptcha, AnyCaptcha, and NoneCaptcha, which were selling tools to bypass identity verification, were also taken down. The future of these sites remains uncertain, pending a jury trial request to the Southern District of New York.


Microsoft’s Proactive Approach:

Amy Hogan-Burney, General Manager, Associate General Counsel, Cybersecurity Policy, and Protection for Microsoft, emphasized the company’s commitment to protecting users online. Microsoft’s proactive approach in taking down these websites was applauded by experts in the field, viewing it as a significant step in corporate-led cybersecurity enforcement. The move is expected to create operational and financial setbacks for the criminals, potentially forcing them to rebuild or relocate their infrastructure.


Private-Sector Role in Cybersecurity Enforcement:

The rarity of public interventions by tech companies in cybercrime cases is acknowledged, with legal and geopolitical complexities often hindering such actions. However, experts like Callie Guenther, Senior Manager, Cyber Threat Research at Critical Start, note that these actions highlight the increasing role of private-sector entities in cybersecurity law enforcement. Such aggressive actions serve as a deterrent, signaling to other cybercriminals that tech companies are actively combating illicit activities.


Challenges and Future Considerations:

While the takedown is a commendable step, experts caution that the effectiveness of such operations depends on additional actions. Merely removing accounts and websites may result in a temporary disruption, with cybercriminals often quick to reestablish their operations. The global nature of cybercrime is underscored, emphasizing the need for international collaboration to effectively address cyber threats. The case highlights that sophisticated cybercrime groups can emerge from unexpected regions, such as Vietnam.



Microsoft’s successful takedown of the Storm-1152 cyber threat group and its associated websites showcases the evolving landscape of cybersecurity enforcement. As private-sector entities play an increasingly active role in combating cybercrime, collaborations and proactive strategies become imperative. The challenges persist, but initiatives like Chicago Computer Network offering advanced threat detection, incident response, and IT management capabilities, contribute to a comprehensive cybersecurity strategy aligned with the evolving nature of cyber threats.

Related Articles