Microsoft Expands Legal Action Against Global Cybercrime Network Exploiting AI

Unmasking the Perpetrators

In an amended complaint, Microsoft identified four key individuals allegedly central to Storm-2139's operations:

• Arian Yadegarnia ("Fiz") from Iran

• Alan Krysiak ("Drago") from the United Kingdom

• Ricky Yuen ("cg-dot") from Hong Kong

• Phát Phùng Tấn ("Asakuri") from Vietnam

These individuals are accused of exploiting compromised customer credentials to unlawfully access generative AI services, modifying these services to produce harmful content, and reselling access to other malicious actors. The content generated includes non-consensual intimate images of celebrities and other sexually explicit material, violating Microsoft's Acceptable Use Policy and Code of Conduct.

Structure and Operations of Storm-2139

Microsoft's investigation revealed that Storm-2139 operates through a structured hierarchy:

• Creators: Develop tools designed to circumvent AI safety measures.

• Providers: Distribute and monetize these tools, offering various access levels for payment.

• Users: Utilize the tools to generate synthetic content that violates platform policies, focusing on sexual imagery and celebrity deepfakes.

This organized approach has enabled the widespread misuse of AI technologies, raising significant ethical and legal concerns.

Legal Actions and Disruptions

Microsoft's legal action began in December 2024 with a lawsuit against ten unidentified "John Does" in the Eastern District of Virginia. The court granted a temporary restraining order and preliminary injunction, allowing Microsoft to seize a website instrumental to Storm-2139's operations. This seizure disrupted the group's activities and led to internal conflicts among its members, some of whom began blaming each other for the malicious activities.

Ongoing Investigations and Future Implications

The company has also identified two actors located in the United States, specifically in Illinois and Florida, but their identities remain undisclosed to avoid interfering with potential criminal investigations. Microsoft is preparing criminal referrals to U.S. and foreign law enforcement agencies to further dismantle the illicit operations of Storm-2139.

This case highlights the challenges tech companies face in safeguarding their AI technologies from malicious exploitation. It underscores the necessity for robust security measures and continuous vigilance to prevent the misuse of AI, particularly in generating harmful content. Microsoft's proactive legal stance serves as a deterrent to others who might seek to weaponize AI technologies, reinforcing the company's commitment to responsible AI use and the protection of individual privacy and consent.