Microsoft has named four of the ten individuals it had sued for stealing API keys from paying Azure OpenAI customers and using them to generate content for harmful purposes, violating its content policies. The company had already filed a lawsuit with the Eastern District Court of Virginia.
The named individuals include Arian Yadegarnia, aka “Fiz”, of Iran; Alan Krysiak, aka “Drago”, of the United Kingdom; Ricky Yuen, aka “cg-dot”, of Hong Kong; and Phát Phùng Tấn, aka “Asakuri”, of Vietnam. Microsoft also claims that these individuals are at the center of a global cybercrime network it tracks as Storm-2139.
The firm has also identified two individuals in the US whose identities remain undisclosed to avoid interference with potential criminal organisations. Microsoft’s court filings also mentioned a suspect from Illinois known as “Khanon”, who created the reverse proxy software on which the whole service ran.

The findings confirmed Microsoft’s initial suspicions that intruders were running a hacking-as-a-service operation that steals API keys from legitimate customers and either sells them on cybercrime forums or uses them to generate harmful AI content and exploit AI tools for malicious purposes without setting off alarms or leaving traces.
The gang used these stolen API keys to access Redmond’s Azure OpenAI service. This access was then resold to other miscreants, along with instructions and tools to help them use the generative AI to create harmful and sexually explicit content.
Since filing the lawsuit, Microsoft has obtained a court order allowing it to seize web domains used by the operation. Redmond claims the seizures will help it collect evidence on individuals involved with the operation, to figure out how the service was monetised, and disrupt any additional technical infrastructure still online.