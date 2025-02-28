eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Microsoft has launched a sweeping legal initiative to dismantle a global hacking network that exploited generative AI, the company announced in an official blog post. The hackers bypassed AI safety measures to infiltrate its Azure OpenAI Service, raising alarms over the growing misuse of advanced technologies.

Unmasking the cybercriminals behind generative AI abuse

According to Microsoft’s official blog, the company’s Digital Crimes Unit has identified the culprits behind what it describes as “Storm-2139,” a cybercrime network orchestrating the abuse of generative AI. The network, which spans multiple countries, includes individuals operating under aliases such as “Fiz,” “Drago,” “cg-dot,” and “Asakuri.”

Based on court filings, these actors exploited publicly available customer credentials to illegally access Microsoft’s AI services, manipulate their capabilities, and resell modified access to other bad actors. This nefarious scheme enabled the generation of harmful content, including non-consensual and sexually explicit imagery, in clear violation of Microsoft’s policies.

Bloomberg reported that Microsoft has publicly exposed the identities and methodologies of these hackers, revealing the extent of their operations and the vulnerabilities they exploited. The revelations not only underscore the severity of the threat but also serve as a stern warning to other malicious actors who might be tempted to undermine the guardrails designed to keep AI use safe and ethical.

Legal measures and industry implications

In a legal filing, Microsoft has named the primary developers behind the criminal tools in an amended complaint filed in the U.S. District Court for the Eastern District of Virginia. The company’s initiative has already yielded results, with a temporary restraining order and preliminary injunction leading to the seizure of a critical website used by the network.

This measure effectively disrupted the operations of Storm-2139 and demonstrated Microsoft’s commitment to protecting its technology and its users from exploitation. Microsoft is now preparing referrals to U.S. and international law enforcement agencies to further pursue legal action against these actors.

Industry experts warn that the ramifications of this crackdown extend far beyond the immediate disruption of cybercriminal activities. As generative AI models become increasingly embedded in everyday applications, ensuring their responsible use is critical. Microsoft’s legal action serves as a precedent for the tech industry, emphasizing that stronger regulatory and technical safeguards are necessary to prevent emerging technologies from being misused.

