Cybercriminals use Greasy Opal to create 750 million fake Microsoft accounts

Greasy Opal, a sophisticated cyber-attack facilitation tool, is increasingly being used to carry out volumetric bot attacks. It provides machine learning-based tools that allow attackers to launch large-scale bot attacks, particularly targeting CAPTCHA systems.

Exhibit A: The Vietnam-based threat actor group Storm-1152 orchestrated an attack using Greasy Opal that resulted in the creation of 750 million fake Microsoft accounts.

In response, Microsoft’s Digital Crimes Unit successfully took control of the Storm-1152 domains, first in December 2023 and again this month.

Attackers target real consumers’ digital accounts at login to bypass security measures and create new fake accounts on a large scale. according to a report by Arkose Labs.

Greasy Opal uses advanced computer vision technology paired with sophisticated machine learning algorithms to evade defenses.

Kevin Gosschalk, founder and CEO of Arkose Labs, explains that Greasy Opal helps lower the barrier to entry for potential cybercriminals by simplifying the execution of complex attacks.

He adds that companies like Greasy Opal often present themselves as legitimate businesses, complete with polished websites and professional marketing. “They have a business and pay taxes,” he says. “However, cyberattackers can misuse their products and services for questionable purposes.”

What makes these companies particularly dangerous, according to Gosschalk, is that their tools can make it very easy for anyone to become an attacker.

“It used to be that the attacker had to have pretty solid developer skills to use bots to attack the world’s largest companies at scale, but that’s no longer the case,” he says. “Today, anyone can buy a sophisticated bot tool along with training and customer support and start a career as a cybercriminal.”

Unique challenge for the defense

Volumetric bot attacks and fake account creation are increasingly sophisticated threats, especially when advanced tools such as Greasy Opal are involved. These attacks, which are driven by a sustained and constant flow of malicious bot-controlled trafficpose a unique challenge to traditional defense measures.

“By using modern technologies, threat actors can easily bypass traditional defenses that focus, for example, on simply blocking attacks rather than stopping them,” says Gosschalk. “Threat actors can act very quickly.”

He says companies can better protect themselves by adopting AI-based mitigation strategies and innovative defenses that are increasing in complexity to address the rapidly evolving landscape of Sophisticated threats from artificial intelligence.

“To detect and stop today’s primarily AI-powered bot threats, organizations must ensure they implement a robust, comprehensive defense strategy,” he said.

Not only does this mean having a content delivery network and web application firewall in place to protect the edge, but organizations also need to have solutions in place to manage customer identities and access to distinguish legitimate digital identities from fake ones.