Newly Discovered Group Offers CAPTCHA-Solving Services to Cybercriminals

Summary:
A previously undiscovered group, dubbed "Greasy Opal," has been found aiding cyber attackers by providing CAPTCHA-solving services and other tools to bypass security measures. This group, based in the Czech Republic and active since 2009, was recently identified by Arkose Cyber Threat Intelligence Research (ACTIR) after its tools were used in attacks on Arkose Labs' customers. Greasy Opal offers a variety of products, including legitimate software and controversial tools like SEO-boosting software, browser automation services, and a CAPTCHA-bypassing tool. Their CAPTCHA-solving tool is reportedly ten times more efficient than other solutions, contributing to the group’s estimated 2023 revenue of $1.7 million.

The group's sophisticated infrastructure leverages advanced optical character recognition and machine learning technologies, enabling it to quickly adapt to new CAPTCHA variations. Hundreds of attackers, including groups like Vietnam-based Storm-1152, have used Greasy Opal's software in large-scale attacks, such as creating 750 million fake Microsoft accounts.


Security Officer Comments:
The group’s customer base includes numerous individual attackers, as well as notable entities such as Vietnam-based Storm-1152. ACTIR researchers observed Storm-1152 using Greasy Opal’s tools in a campaign that generated 750 million fake Microsoft accounts. This campaign was initially disrupted by the Microsoft Digital Crimes Unit in December 2023, but Storm-1152 reconstituted in January 2024, prompting further action by Microsoft and ACTIR in August 2024. Another prominent user of Greasy Opal’s tools is Bablesoft, a provider of browser automation software. Bablesoft’s Browser Automation Suite (BAS) integrates Greasy Opal’s toolkit, offering malicious actors a user-friendly interface with fingerprint databases and drag-and-drop capabilities for launching attacks. ACTIR researchers noted that when Greasy Opal and BAS are used together, even attackers with low technical skills can execute effective attacks.

Suggested Corrections:
Despite the efficiency and low cost of Greasy Opal's technology, ACTIR noted a significant weakness: its reliance on outdated CPU-based hardware, making it more vulnerable to modern countermeasures. Arkose Labs recommended that companies review the report’s appendix to see if their names are listed, as this could indicate they are being targeted using Greasy Opal’s tools:

https://www.arkoselabs.com/resource/dossier-greasy-opal-greasing-skids-cybercrime/

Link(s):
https://www.infosecurity-magazine.com/news/captcha-solving-cybercriminals/
https://www.arkoselabs.com/resource/dossier-greasy-opal-greasing-skids-cybercrime/