A newly uncovered cyber group, Greasy Opal, has been identified as a key player in providing CAPTCHA-solving services to cybercriminals. Based in the Czech Republic and operational since 2009, Greasy Opal remained under the radar until recently. The group offers a variety of products, including CAPTCHA-bypassing tools, SEO-boosting software, and browser and social media automation services. Their CAPTCHA-solving tool stands out for its efficiency, boasting a speed ten times greater than typical solutions like Anti-CAPTCHA.
Greasy Opal’s sophisticated technology relies on advanced optical character recognition (OCR) and machine learning models trained on extensive image datasets. These tools are designed to quickly and effectively bypass various types of CAPTCHAs, even those distorted by noise or rotation. This capability has made Greasy Opal’s services highly sought after among cybercriminals. The group’s toolkit has been used in numerous attacks, including those orchestrated by Vietnam-based Storm-1152, which utilized Greasy Opal’s tools to create 750 million fake Microsoft accounts.
The group’s operations reportedly generated at least $1.7 million in revenue in 2023. Despite its success, Greasy Opal’s technology is not without flaws. The toolkit relies on outdated CPU-based hardware, which limits its scalability and leaves it vulnerable to advanced countermeasures designed to exploit that limitation. This reliance on older technology is a critical weakness that security experts could target.
In light of this discovery, Arkose Labs advises companies to review their security measures and check if their names appear on the list provided in the ACTIR report. The presence of a company’s name on this list indicates that Greasy Opal’s tools may be used to facilitate attacks against it. Organizations are encouraged to enhance their security protocols to defend against the sophisticated capabilities of this newly exposed threat actor.