
Microsoft Shuts Down a Criminal Ring Responsible for Creating Over 750 Million Fake Accounts


Microsoft Corp. has shut down a cybercrime group's US-based infrastructure, which created more than 750 million fake accounts across the company's services. 

Microsoft carried out the takedown with the support of Arkose Labs Inc., a venture-backed cybersecurity firm that sells a cloud platform for blocking fraud and hacking attempts aimed at its customers' services. Microsoft has identified the threat actor as Storm-1152.

A common tactic among hacking organisations is to create fake accounts in services like Microsoft Outlook and then use them for phishing or spam campaigns. Fraudulent accounts can also be employed to launch distributed denial-of-service (DDoS) attacks. Hackers typically do not create such accounts themselves, but rather purchase them from cybercrime-as-a-service outfits such as Storm-1152, the threat actor that Microsoft has disrupted.

Storm-1152 is believed to be the "number one seller" of fake Microsoft accounts, the company stated. It is estimated that the gang created 750 million such accounts and also created fraudulent users on other companies' services. Furthermore, Storm-1152 sold software for circumventing CAPTCHAs, which are used by many online sites to ensure that a login request comes from a human and not an automated system.

Microsoft believes that the fake accounts Storm-1152 created fuelled the hacking efforts of several cybercrime groups. Scattered Spider, the threat actor behind the widely reported attacks against Caesars Entertainment Inc. and MGM Resorts International earlier this year, is believed to be one of those groups. According to Microsoft's investigation, Storm-1152 earned millions of dollars in illicit revenue while imposing far larger costs on the companies that tried to thwart it.

“While our case focuses on fraudulent Microsoft accounts, the websites impacted also sold services to bypass security measures on other well-known technology platforms,” Amy Hogan-Burney, Microsoft’s general manager and associate general counsel for cybersecurity policy and protection, explained. “Today’s action therefore has a broader impact, benefiting users beyond Microsoft.” 

Microsoft disrupted the four websites by obtaining a seizure order from a federal court in the Southern District of New York. In the course of its efforts to thwart Storm-1152's operations, Microsoft also discovered that the group is led by three Vietnamese citizens: Duong Dinh Tu, Linh Van Nguyen, and Tai Van Nguyen. The company stated that it has reported its findings to law enforcement.

Ransomware Actors are Using Crypto Mining Pools to Launder Money


According to a recent analysis by the blockchain forensics company Chainalysis, the use of cryptocurrency mining as a money-laundering technique extends beyond nation-state actors and has particular appeal to ordinary criminals.

Sanctioned nation-states like Iran have reportedly turned to cryptocurrency mining as a way to amass money outside the traditional banking system. In a recent development, cybersecurity firm Mandiant also disclosed how the Lazarus Group, a notorious North Korean hacker group, has been using stolen cryptocurrencies like Bitcoin to buy freshly mined cryptocurrency through hash-rate rental and cloud mining services.

Simply put, online criminals use stolen crypto to mine "clean" coins and then route them through various businesses to launder them. One of these businesses, according to Chainalysis, is an unnamed "mainstream exchange" that has been identified as having received "substantial funds" from wallets and mining pools connected to ransomware activity.

In total, $94.2 million was sent to one of these identified deposit addresses, of which $19.1 million came from ransomware addresses and $14.1 million from mining pools. Chainalysis also found that the ransomware wallet in question was occasionally sending money to a mining pool "both directly and via intermediaries."

“This may represent a sophisticated attempt at money laundering, in which the ransomware actor funnels funds to its preferred exchange via the mining pool in order to avoid triggering compliance alarms at the exchange,” the report reads. 

Chainalysis further asserts that "ransomware actors may be increasingly abusing mining pools." Citing its data, the company stated that "since the start of 2018, we've seen a large, steady increase in value sent from ransomware wallets to mining pools."

A total of 372 exchange deposit addresses have received cryptocurrency transfers totaling at least $1 million from mining pools and ransomware addresses. In the company's view, instances like these point to ransomware criminals trying to pass off their stolen money as earnings from cryptocurrency mining.

Chainalysis said that "this sum is certainly an underestimate," adding that "these exchange deposit addresses have received a total of $158.3 million from ransomware addresses since the beginning of 2018."

Illegal money transfers 

Chainalysis cites BitClub as an additional noteworthy instance of cybercriminals using mining pools. BitClub was a notorious cryptocurrency Ponzi scheme that deceived thousands of investors between 2014 and 2019 by making claims that its Bitcoin mining operations would generate significant returns. 

The company claims that BitClub Network transmitted Bitcoin valued at millions of dollars to wallets connected to "underground money laundering services" allegedly based in Russia. These money laundering wallets then transferred Bitcoin to deposit addresses at two well-known exchanges over the course of three years. 

Over the same period, between October 2021 and August 2022, an unidentified Russian Bitcoin mining company transferred millions of dollars' worth of Bitcoin to the same deposit addresses at both exchanges.

The cryptocurrency exchange BTC-e, which U.S. authorities accuse of facilitating money laundering and running an unlicensed money services business, sent funds to one of the wallets linked to the alleged money launderers. BTC-e has also been alleged to have handled money stolen from Mt. Gox, the biggest Bitcoin exchange of the early 2010s.

These accusations led to the seizure of BTC-e by American authorities in July 2017, the removal of its website, and the arrest of its founder, Alexander Vinnik, in Greece the same month. 

Prevention Tips

According to Chainalysis, mining pools and hashing providers should put strict wallet-screening procedures in place, including Know Your Customer (KYC) checks, in order to "ensure that mining, which is a core functionality of Bitcoin and many other blockchains, isn't compromised."

The company also believes that such verification processes can stop criminals from using mining as a means of money laundering: blockchain analysis and similar tools can confirm the source of funds, and deposits arriving from suspicious addresses can be rejected.
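The screening Chainalysis recommends boils down to asking two questions of an incoming deposit: is a ransomware-labelled wallet within a few hops upstream (directly or via intermediaries such as a mining pool), and what share of the funds is traceable to one once a pool has mixed them with honest payouts? The following is an added example, not Chainalysis's tooling or data; the ledger, the address names, the ransomware labels and the taint threshold are all constructed, and the pro-rata taint calculation assumes the ledger contains no cycles.

```python
from collections import defaultdict, deque
from functools import lru_cache

# Constructed sample ledger, not real chain data: (sender, receiver, USD value).
TRANSFERS = [
    ("ransom_wallet_A", "exchange_deposit_1", 5.0),   # direct to the exchange
    ("ransom_wallet_A", "mixer_hop_1", 3.0),          # via an intermediary...
    ("mixer_hop_1", "mining_pool_X", 3.0),            # ...into a mining pool
    ("ransom_wallet_B", "mining_pool_X", 4.0),        # direct into the pool
    ("miner_legit", "mining_pool_X", 10.0),           # honest hashpower payout
    ("mining_pool_X", "exchange_deposit_1", 2.5),
    ("mining_pool_X", "exchange_deposit_2", 8.0),     # looks like mining income
    ("miner_legit2", "exchange_deposit_2", 1.0),
]
RANSOMWARE = {"ransom_wallet_A", "ransom_wallet_B"}   # constructed labels
INCOMING = defaultdict(list)                          # receiver -> [(sender, usd)]
for _src, _dst, _usd in TRANSFERS:
    INCOMING[_dst].append((_src, _usd))

def nearest_ransomware_hops(address, max_hops=3):
    """Breadth-first walk upstream through the senders of an address; returns the
    hop count to the nearest ransomware-labelled wallet, or None within max_hops."""
    seen, frontier = {address}, deque([(address, 0)])
    while frontier:
        node, depth = frontier.popleft()
        if depth == max_hops:
            continue
        for src, _ in INCOMING[node]:
            if src in RANSOMWARE:
                return depth + 1
            if src not in seen:
                seen.add(src)
                frontier.append((src, depth + 1))
    return None

@lru_cache(maxsize=None)
def taint_fraction(address):
    """Pro-rata taint: share of an address's inflows traceable to ransomware,
    diluted wherever a pool mixes them with honest payouts (ledger must be acyclic)."""
    if address in RANSOMWARE:
        return 1.0
    inflows = INCOMING[address]
    total = sum(usd for _, usd in inflows)
    if total == 0:
        return 0.0                       # fresh wallet or honest miner: nothing upstream
    return sum(usd * taint_fraction(src) for src, usd in inflows) / total

def screen_deposit(address, max_taint=0.10, max_hops=3):
    """Decision a pool or exchange could apply before crediting a deposit."""
    hops, taint = nearest_ransomware_hops(address, max_hops), taint_fraction(address)
    reject = hops is not None or taint > max_taint
    return {"address": address, "hops": hops, "taint": round(taint, 4), "reject": reject}
```

On the constructed ledger, exchange_deposit_2 never touches a ransomware wallet directly, yet the hop walk finds one two hops back through the pool and the pro-rata share of its inflows traceable to ransomware is about 37%, which is the pattern the report describes.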