Microsoft named multiple threat actors as part of a cybercrime group accused of developing malicious software capable of bypassing generative AI safeguards to create celebrity deepfakes and other illicit content.
The updated complaint names the individuals as Arian Jadegarnia of Iran (aka “Fiz”), Alan Krysiak from the United Kingdom (aka “Drago”), Ricky Yuen of Hong Kong (China) (aka “cg-dot”) and the Tang of Vietnam (a Kashakuri).
The company explained today that these threat actors are members of Storm-2139, a global cybercrime group it tracks.
“Members of Storm-2139 exploited exposed customer credentials scraped from public sources to unlawfully access accounts with certain generative AI services,” said Steven Masada, Assistant General Counsel of Microsoft’s Digital Crimes Unit. Microsoft discovered during its investigation that the Storm-2139 criminal network is organized into three categories: creators, providers, and end users.
The creators developed the tools that enabled the misuse of AI-generated services, while the providers adapted and distributed the illicit tools to the end users, who used them to create content that violated Microsoft’s Acceptable Usage Policy or Code of Conduct, which often focused on sexual images and celebrities.
[Figure: Storm-2139 organizational charts (Microsoft)]
This update follows the company’s lawsuit, filed in December 2024 in the Eastern District of Virginia, to collect more information about the cybercrime group’s operations.
Thanks to a temporary restraining order and preliminary injunction, Microsoft was able to stop the criminal ring from using its services by seizing the key website that was part of their infrastructure. Microsoft said that the seizure led Storm-2139 members, who were speculating about the identity of the “John Does” listed in the filings, to turn against each other. Microsoft’s legal department also received emails from suspected Storm-2139 members who blamed other members of the operation for malicious activity, Masada added today.
“While we have identified two actors located in the United States—specifically, in Illinois and Florida—those identities remain undisclosed to avoid interfering with potential criminal investigations. Microsoft is preparing criminal referrals to United States and foreign law enforcement representatives.”