Microsoft has launched legal proceedings against a network of cybercriminals for allegedly abusing generative AI technology, including its own Azure OpenAI Service. In an amended complaint filed in a recent civil lawsuit, the company named four key developers behind malicious tools designed to bypass the safety guardrails of its artificial intelligence services. The named defendants are:
Arian Yadegarnia (alias "Fizz") -- lives in Iran
Alan Krysiak (alias "Drago") -- lives in the United Kingdom
Ricky Yuen (alias "cg-dot") -- lives in Hong Kong
Phát Phùng Tấn (alias "Asakuri") -- lives in Vietnam
These individuals are at the heart of what Microsoft calls Storm-2139, a global cybercrime network. Members of the network allegedly used publicly available customer credentials to gain unauthorized access to generative AI services. They then modified these services and resold access to other bad actors, complete with explicit instructions for creating harmful content, including non-consensual intimate images of celebrities and other explicit material.
Microsoft's investigation describes Storm-2139 as an organization divided into three key layers:
Creator: A developer who creates a tool that can abuse an AI service.
Provider: A person who modifies, supplies, and delivers these tools according to different service tiers and pricing structures.
Users: End users who use these tools to generate prohibited synthetic content, often targeting celebrities or creating sexually explicit images.
In December 2024, Microsoft's Digital Crimes Unit (DCU) filed its first lawsuit in the Eastern District of Virginia, which enabled Microsoft to seize an important website used by the cybercriminal network, significantly reducing the network's operational capabilities. The legal documents released in January sparked an immediate reaction within the network. In monitored communication channels, members began speculating on the identities of the "John Does" involved in the case, and in some cases attempted to pin blame on other members of the operation.
Microsoft's legal team also received several emails from suspected members of Storm-2139 that were intended to deflect blame and point the finger at other operatives. In addition, someone doxxed Microsoft's legal counsel, spreading personal information and photos online. Doxxing can lead to serious real-world consequences, such as identity theft and harassment.
Microsoft's efforts are part of a broader commitment to curb the abuse of generative AI. While the company acknowledges that dismantling such an entrenched cybercriminal network is a long-term battle, the legal actions and operational disruptions aimed at exposing these malicious actors mark an important step forward. By bringing Storm-2139's clandestine activities to light, the company intends not only to dismantle current networks but also to thwart future attempts to weaponize artificial intelligence technology.
Overall, this case highlights the challenges posed by cybercriminals in the digital age and the need for ongoing, coordinated protection of innovative technologies from misuse.