Storm-1152’s CAPTCHA Bypass Operation Foiled by Microsoft
Microsoft has seized a domain used by the Vietnamese group Storm-1152 to sell fraudulent accounts and CAPTCHA bypass services.
The domain rockcaptcha[.]com was taken down six months after Microsoft announced a large-scale operation against Storm-1152, which was responsible for creating approximately 750 million fake Microsoft accounts and providing CAPTCHA bypass services.
Microsoft identified three Vietnamese nationals behind these operations and tracked their activities under the name Storm-1152. The accounts were used in ransomware attacks and data theft. According to the company, accounts purchased from Storm-1152 were also part of the Scattered Spider (UNC3944) ecosystem, a group of young hackers known for breaching major companies like MGM Resorts and Caesars Entertainment.
Experts also discovered a Vietnamese-language blog discussing the impact of the company’s previous actions on the group’s services. The blog also introduced a new website offering similar services.
The blog’s authors, operating under the name rockcaptcha, claim their team has over 15 years of experience in AI research. They assert that they can create AI models for processing CAPTCHA with high speed and accuracy. Furthermore, the criminals boast of their reverse engineering capabilities and independence in all aspects of technology. These statements suggest that the same individuals behind the previous fake account operation are responsible for the new site.
Before Microsoft’s actions in December, the Storm-1152 campaign generated approximately 1 million new Microsoft accounts per week. After the company’s intervention, the group’s activity decreased significantly: only 1 million accounts have been created since December.
Microsoft specialists noted that Vietnam is becoming a hub for such services. Despite various groups operating in the region, Storm-1152 received the most “orders” and was the most prominent.
CAPTCHA verification is meant to reduce abnormal and spam behavior; bypassing it using AI gives cybercriminals access to Microsoft’s AI resources. Such campaigns lower the cost and entry barriers to cybercrime, researchers explain.