Microsoft Moves to Court to Curb Azure OpenAI Abuse by Cybercriminals 

Written by: Lore Apostol, Cybersecurity & Streaming Writer

Microsoft’s Digital Crimes Unit (DCU) filed a lawsuit against presently unidentified cybercriminals upon detecting malicious activities connected to its Azure OpenAI Service and DALL-E image generation technology.

The activities included unauthorized customer account access, generation of offensive and harmful content, and the use of sophisticated tools that bypass its threat detection.

The technology conglomerate took swift legal action as a result. Microsoft filed a 41-page lawsuit seeking damages from the defendants “for creating, controlling, maintaining, trafficking, and using illegal computer networks and pirate software.”

This shows that the service is still not free from the threat of cybercrime. Microsoft alleges that the defendants gained initial access by using stolen customer credentials scraped from public websites and resold on the dark web.

The hackers also used custom-designed software to access computers via Microsoft Azure OpenAI Service and evaded safety mitigations of Microsoft’s Azure-based integration of DALL-E. 

Leveraging stolen API keys and sophisticated circumvention techniques helped the perpetrators gain access to computers running Microsoft and OpenAI’s generative AI models. 

The investigation revealed the hackers reside outside of the United States and the actions were conducted by trained individuals with thorough knowledge of computer networks.

The defendants are accused of having access to and control of the instrumentalities used in the said illegal activities. They have access to the following:

  1. Reverse proxy tool infrastructure, including the domain “aitism.net.”
  2. The Cloudflare tunnel.
  3. An AWS IP address used for malicious actions.

The lawsuit stated that the culprits conducted business in Virginia and created a website, reentry.org/de3u, using the “.org” domain, which is a top-level domain (TLD) managed by the Public Interest Registry (PIR) since 1984. 

“Defendants necessarily understood that by selecting a “.org” TLD for its website, Defendants would be relying on hardware and services provided by PIR from Reston, Virginia, to distribute the malicious de3u software within the United States,” the filing read.

Microsoft confirmed that it is unaware of the true identity or names of the culprits involved in the series of incidents. The security breach violates the CFAA, DMCA, the Lanham Act, and the Racketeer Influenced and Corrupt Organizations Act.


