Deactivated Domains Used For Spear-Phishing

Microsoft's Digital Crimes Unit (DCU) has started legal proceedings in the US courts against an Iranian threat actor called Bohrium for spear-phishing operations. Bohrium is said to have targeted entities in tech, transportation, government, and education sectors located in the US, Middle East, and India.

According to a US government order disclosed by Microsoft, the goal of the intrusions was to steal and exfiltrate sensitive information, take control over the infected machines, and carry out remote reconnaissance.

Microsoft has filed a complaint with the US District Court in Virginia, requesting a restraining order be granted against Bohrium in accordance with the Computer Fraud and Abuse Act. A hearing has been scheduled for June 10. "Bohrium actors create fake social media profiles, often posing as recruiters," Amy Hogan-Burney of the DCU said in a tweet. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware."

To halt the malicious activities of Bohrium, Microsoft said it took down 41 domains that were used as command-and-control infrastructure to facilitate the spear-phishing campaign, which enabled the attackers to deploy malicious tools designed to help them gain access to targets' devices and exfiltrate stolen information from compromised systems.

The disclosure comes as Microsoft revealed that it identified and disabled malicious OneDrive activity perpetrated by a previously undocumented threat actor codenamed Polonium since February 2022.

The incidents, which involved the use of OneDrive as command-and-control, were part of a larger wave of attacks the hacking group launched against over 20 organisations based in Israel and Lebanon. Microsoft has also recently successfully seized domains used by APT28, a state-sponsored group operated by Russian military intelligence, also known as Fancy Bear, to target institutions in Ukraine.

Microsoft said it obtained a court order on April 6 that authorized the company to take control of seven domains APT28 was using to carry out its cyber attacks. “We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” said Microsoft’s vice president for customer security, Tom Burt.

Microsoft:    CyberArmyHB:    Threatpost:   Hacker News:   Techcrunch:    Bleeping Computer:   CyberNews

You Might Also Read: 

Microsoft Removes Domains Used For Cyber Attacks On Ukraine:

 

« Who Can You Trust With Your Data?
Iran Caught Using Intermediaries To Hack Israeli Business »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Mako Group

Mako Group

The Mako Group specializes in protection - providing security through auditing, testing, and assessments. And, we do it all with the highest quality standards possible.

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

aeCERT

aeCERT

aeCERT is the national Computer Emergency Response Team for the United Arab Emirates.

Cyber Affairs

Cyber Affairs

Cyber Affairs is the first Italian press agency entirely dedicated to cyber security.

MBL Technologies

MBL Technologies

MBL Technologies specializes in information assurance, enterprise security, privacy, and program/project management.

Information System Authority (RIA) - Estonia

Information System Authority (RIA) - Estonia

RIA ensures the interoperability of the state’s information system, organises activities related to information security, and handles security incidents in Estonian computer networks.

Bio-Morphis

Bio-Morphis

Bio-Morphis Reflex solution is a paradigm shift in the approach to information systems security.

UKAS

UKAS

UKAS is the national accreditation body for the UK. The directory of members provides details of organisations offering certification services for ISO 27001.

Cybersecurity Coalition

Cybersecurity Coalition

The mission of the Cybersecurity Coalition is to bring together leading companies to help policymakers develop consensus-driven policy solutions to achieve improvements in cybersecurity.

CyNam

CyNam

CyNam is a platform for enabling the growth and development of people and organisations within Cheltenham’s flourishing cyber technology ecosystem.

Albania Lab

Albania Lab

Albania Lab is a consulting company focused on the development and delivery of digital solutions and IT services including cybersecurity.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

NVISIONx

NVISIONx

NVISIONx data risk governance platform enables companies to gain control of their enterprise data to reduce data risks, compliance scopes and storage costs.

FPG Technologies & Solutions

FPG Technologies & Solutions

FPG Technology is a technology solutions provider and systems integrator, specializing in delivering IT Consulting, IT Security, Cloud, Mobility, Infrastructure solutions and services.

Paragon Cyber Solutions

Paragon Cyber Solutions

Paragon Cyber Solutions provides specialized security risk management and IT solutions to protect the integrity of your business operations.

Siometrix

Siometrix

Siometrix addresses digital identity fraud. It steals your attacker's time and prevents many prevalent attack vectors.