Cybercriminals Tap Greasy Opal to Create 750M Fake Microsoft Accounts

Greasy Opal, a sophisticated cyberattack enablement tool, is increasingly being used to execute volumetric bot attacks, providing machine-learning-based tools to enable attackers to launch large-scale bot attacks, particularly targeting CAPTCHA systems.

Exhibit A: The Vietnam-based threat actor group Storm-1152 orchestrated an attack using Greasy Opal, resulting in the creation of 750 million fake Microsoft accounts.

In response, Microsoft's Digital Crimes Unit successfully seized control of the Storm-1152 domains, first in December 2023 and again this month.

Attackers are targeting genuine consumers' digital accounts during login, aiming to breach security measures and establish fake new accounts at scale, according to a report from Arkose Labs.

Greasy Opal leverages advanced computer vision technology paired with sophisticated machine-learning algorithms to bypass defenses.

Arkose Labs founder and CEO Kevin Gosschalk explains that by simplifying the process of executing complex attacks, Greasy Opal is helping lower the barrier to entry for would-be cybercriminals. 

He adds that companies like Greasy Opal often present themselves as legitimate enterprises, complete with polished websites and professional marketing. "They have a business and pay taxes," he says. "However, cyberattackers can exploit their products and services for questionable purposes."

Gosschalk says what makes these businesses particularly dangerous is that their tools can make it very easy for anyone to become an attacker.

"It used to be that to leverage bots to attack at scale the biggest enterprises in the world, the attacker had to have pretty solid developer chops, but not anymore," he says. "Now, anyone can buy a sophisticated bot tool along with training and customer support and start up a career as a cybercriminal."

Unique Challenge to Defenses

Volumetric bot attacks and the creation of fake accounts are increasingly sophisticated threats, particularly when advanced tools like Greasy Opal are involved. These attacks, characterized by a persistent and constant flow of malicious bot-driven traffic, present a unique challenge to traditional defenses.

"With use of advanced technologies, threat actors can easily bypass traditional defenses that are focused, for example, on simply blocking attacks versus stopping attacks," Gosschalk says. "Threat actors can move very fast."

He says enterprises can better protect themselves by adopting AI-based mitigation strategies and innovative defense mechanisms that escalate in complexity to outmaneuver the rapidly evolving landscape of sophisticated, AI-powered threats.

“To detect and stop today's mainly AI-powered bot threats, enterprises must ensure that they are executing on a robust defense-in-depth strategy,” he said. 

This means not only having a content delivery network and Web application firewall in place to protect at the edge; enterprises must also have customer identity access management solutions in place to discern legitimate from fake digital identities.