Microsoft outed four foreign and two U.S. developers who it said illicitly used AI services — including the company's own — in a celebrity deepfake scheme.
Analysis Summary
# Threat Actor: Storm-2139
## Attribution & Identity
* **Identification:** Threat actor/network tracked by Microsoft as Storm-2139.
* **Known Aliases/Affiliates:**
  * Arian Yadegarnia (aka “Fiz”) from Iran.
  * Alan Krysiak (aka “Drago”) from the United Kingdom.
  * Ricky Yuen (aka “cg-dot”) from Hong Kong.
  * Phát Phùng Tấn (aka “Asakuri”) from Vietnam.
  * Two unnamed U.S. individuals based in Illinois and Florida.
* **Association:** Described as a "global cybercrime network."
## Activity Summary
Storm-2139 involved both foreign and U.S. developers who unlawfully accessed and reconfigured generative AI services, including Microsoft's Azure OpenAI services. The primary campaign modified these services to bypass their safety restrictions, enabling the creation of harmful content, specifically non-consensual intimate images (deepfakes) of celebrities and other sexually explicit material; the group then resold access to the modified services.
## Tactics, Techniques & Procedures
* **Initial Access:** Gained access to AI services by exploiting "exposed customer credentials scraped from public sources."
* **Malicious Reconfiguration:** Modifying AI service configurations to bypass safety constraints.
* **Doxing/Retaliation:** Following legal action (TRO and injunction), group members doxed Microsoft lawyers, posting their names, personal information, and photographs.
* **Internal Conflict:** Legal disruption caused internal friction, leading some members to blame others for the operation's exposure.
## Targeting
* **Sectors:** Technology/Cloud Services (targeting Azure OpenAI services specifically). Content creators/resellers of illicit material.
* **Geography:** Actors identified in Iran, the UK, Hong Kong, Vietnam, Illinois (US), and Florida (US).
* **Victims:** Celebrities (used as subjects for non-consensual intimate imagery) and Microsoft (as the provider of the compromised services).
## Tools & Infrastructure
* **Malware Families Used:** Not explicitly named in the source.
* **Infrastructure:** Operated a website seized by Microsoft via a temporary restraining order.
## Implications
Storm-2139 highlights a significant emerging threat where cybercriminals exploit access to powerful, public-facing generative AI infrastructure for financial gain through the creation and distribution of highly damaging, non-consensual content. The group displayed reactive behavior (doxing, internal finger-pointing) under legal pressure, suggesting a fragile operational structure once targeted publicly.
## Mitigations
* Harden customer credential hygiene so that API keys and other secrets scraped from public sources cannot be reused in credential stuffing against cloud resource access points.
* Implement strict monitoring and rapid response to unauthorized reconfiguration or misuse of cloud-based generative AI models.
* Maintain legal preparedness for civil litigation and coordination with international law enforcement for dismantling transnational cybercrime networks.