Adversaries like the group being tracked as Storm-2139 are already finding ways to bend and break guardrails around generative artificial intelligence (GenAI) services, and Microsoft is pushing back with a name-and-shame campaign intended to break up their little cybercrime party.
Microsoft’s digital crimes unit named four men — Iranian Arian Yadegarnia, Alan Krysiak from the UK, Hong Kong’s Ricky Yuen, and Phát Phùng Tấn from Vietnam — who were selling unauthorized access to Azure AI services along with step-by-step instructions for generating titillating images of celebrities and others.
“This activity is prohibited under the terms of use for our generative AI services and required deliberate efforts to bypass our safeguards,” said Steven Masada, assistant general counsel of Microsoft’s digital crimes unit, in a statement. “We are not naming specific celebrities to keep their identities private and have excluded synthetic imagery and prompts from our filings to prevent the further circulation of harmful content.”
Microsoft filed a lawsuit against the group members last month and was able to seize a website behind the operation, he explains. Subsequently, Microsoft attorneys were “doxed,” having personal information posted publicly in retaliation.
Microsoft is responding with an amended complaint along with the public naming of those it believes are behind the cyberattack, known as LLMjacking.