2025-03-06

Microsoft Identifies Cybercrime Gang Exploiting AI for Illicit Content Generation

Level: Strategic | Source: Microsoft | Global

Microsoft has publicly identified members of a cybercrime gang tracked as Storm-2139, accusing them of developing and distributing tools designed to bypass generative AI safeguards. The individuals named in an amended complaint filed on December 19, 2024 include Arian Yadegarnia (Iran), Alan Krysiak (United Kingdom), Ricky Yuen (Hong Kong, China), and Phát Phùng Tấn (Vietnam). According to Microsoft, Storm-2139 is responsible for manipulating AI services, unlawfully accessing accounts, and reselling access to other malicious actors. "Members of Storm-2139 exploited exposed customer credentials scraped from public sources to unlawfully access accounts with certain generative AI services. They then altered the capabilities of these services and resold access to other malicious actors, providing detailed instructions on how to generate harmful and illicit content, including non-consensual intimate images of celebrities and other sexually explicit content," reports Microsoft.

Storm-2139 operates as a structured cybercriminal network divided into three categories: creators, providers, and users. The creators develop tools that facilitate the abuse of generative AI services, while providers modify and distribute these tools to customers. The users then leverage the altered AI capabilities to produce illicit content in violation of Microsoft’s Acceptable Use Policy. The crime network came under Microsoft's legal scrutiny in December 2024 when the company filed a lawsuit in the Eastern District of Virginia to investigate its operations further. The case led to a temporary restraining order and preliminary injunction, enabling Microsoft to seize a key website used by the group, disrupting its activities and causing internal conflict among its members.

Following the legal action, Storm-2139 members reportedly turned against each other, speculating about the identities of those named in the filings. Microsoft also observed direct attempts by suspected members to shift blame within the group. Some actors even resorted to doxing Microsoft’s legal team by posting personal information online. As part of its broader effort to dismantle Storm-2139, Microsoft is preparing criminal referrals to U.S. and international law enforcement agencies. The company continues to strengthen AI security measures and advocate for legal frameworks to counter the misuse of generative AI technologies.
