it is suing over allegedly stealing Azure cloud credentials and creating tools to bypass safety safeguards in its generative AI service – ultimately generating deepfake smut video of celebrities and others. Redmond filed a civil suit against the so-called crew “Azure Abuse Enterprise” in Virginia, in December 2024. At the time, no one was named.
The gang is accused of using API keys accidentally leaked by “multiple” Microsoft users to improperly access Azure OpenAI, a service offered by the IT giant. The crew then allegedly resold this cloud service to miscreants and offered detailed instructions to help their clients utilize Redmond’s generative artificial intelligence to produce the above harmful and sexually explicit material. Microsoft obtained a court order to seize the web domains associated with the operation after filing the US federal lawsuit. The software giant claimed that the seizures would help it “gather crucial evidence about the individuals behind these operations, to decipher how these services are monetized, and to disrupt additional technical infrastructure we find.”
This effort appears to have been successful, as Microsoft filed an amended legal complaint on Thursday this past week [PDF], which names four of the 10 accused: Arian Yadegarnia of Iran, Alan Krysiak of the United Kingdom, Ricky Yuen of Hong Kong and Phat Phung Tang of Vietnam. According to court filings, Yadegarnia’s identity was at least partially revealed in a 4chan post on January 11, when an anonymous user discussed “Fiz.”
Although the Windows giant named only four of the alleged crooks, it claims to have identified two others, including those located in the United States.
“Those names are not disclosed to avoid interfering in any criminal investigations,” wrote Steven Masada, assistant general counsel at Microsoft’s Digital Crimes Unit. Microsoft’s court documents state that a suspect living in Illinois, who goes by the name “Khanon,” created software to run a reverse proxy server used to operate the Azure Abuse Enterprise.
According to Microsoft, these four defendants are part of a group known as Storm-2139. The organization is composed of three types of member: creators, who build the illicit AI generation tools; providers, who modify the tools and supply them to end users; and end users, who use the software to generate content that violates Microsoft’s policies. The other criminals, who are yet to be named, live in the US, UK, Austria, Turkey and Russia.
According to the lawsuit, additional end users are located in Argentina, Paraguay and Denmark. They “appear to be using Azure Abuse Enterprises technology and services to create content that isn’t specifically in violation of Microsoft terms of use.” However, they did not use these services to create harmful content. Microsoft stated in a press release that:
While monitoring 4chan, and other communication platforms used by Storm-2139, Microsoft was able to identify some suspected crooks. However, members of the notorious website also posted personal information about Microsoft’s lawyers, according to the statement.
This doxxing attempt may have backfired. Masada wrote in an article that after Microsoft lawyers’ details were published online, they “received various emails, including several by suspected members of Storm-2139 trying to cast blame on the other members of the operations.”