Deactivated Domains Used For Spear-Phishing

Uploaded on 2022-06-08 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Microsoft's Digital Crimes Unit (DCU) has started legal proceedings in the US courts against an Iranian threat actor called Bohrium for spear-phishing operations. Bohrium is said to have targeted entities in tech, transportation, government, and education sectors located in the US, Middle East, and India.

According to a US government order disclosed by Microsoft, the goal of the intrusions was to steal and exfiltrate sensitive information, take control over the infected machines, and carry out remote reconnaissance.

Microsoft has filed a complaint with the US District Court in Virginia, requesting a restraining order be granted against Bohrium in accordance with the Computer Fraud and Abuse Act. A hearing has been scheduled for June 10. "Bohrium actors create fake social media profiles, often posing as recruiters," Amy Hogan-Burney of the DCU said in a tweet. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware."

To halt the malicious activities of Bohrium, Microsoft said it took down 41 domains that were used as command-and-control infrastructure to facilitate the spear-phishing campaign, which enabled the attackers to deploy malicious tools designed to help them gain access to targets' devices and exfiltrate stolen information from compromised systems.

The disclosure comes as Microsoft revealed that it identified and disabled malicious OneDrive activity perpetrated by a previously undocumented threat actor codenamed Polonium since February 2022.

The incidents, which involved the use of OneDrive as command-and-control, were part of a larger wave of attacks the hacking group launched against over 20 organisations based in Israel and Lebanon. Microsoft has also recently successfully seized domains used by APT28, a state-sponsored group operated by Russian military intelligence, also known as Fancy Bear, to target institutions in Ukraine.

Microsoft said it obtained a court order on April 6 that authorized the company to take control of seven domains APT28 was using to carry out its cyber attacks. “We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” said Microsoft’s vice president for customer security, Tom Burt.

Microsoft:    CyberArmyHB:    Threatpost:   Hacker News:   Techcrunch:    Bleeping Computer:   CyberNews

You Might Also Read: 

Microsoft Removes Domains Used For Cyber Attacks On Ukraine:

 

« Who Can You Trust With Your Data?
Iran Caught Using Intermediaries To Hack Israeli Business »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Information Security Forum (ISF)

Information Security Forum (ISF)

The ISF is a leading authority on information security and risk management.

Cybercrypt

Cybercrypt

Cybercrypt is a world leading system provider in robust cryptography. Protecting critical assets, applications and sensitive data.

ITC Secure Networking

ITC Secure Networking

ITC are a leading cloud-based MSSP delivering service innovation in cyber security analytics & cloud technology.

LinOTP

LinOTP

LinOTP is an enterprise level, innovative, flexible and versatile OTP-platform for strong authentication.

Metro Systems

Metro Systems

Metro Systems offer fully integrated IT solutions & services covering Digital Transformation, Digital Infrastructure, Cyber Security and Training.

Lepide

Lepide

LepideAuditor is a powerful Data Security Platform that enables you to reduce risk, prevent data breaches and prove regulatory compliance.

Kratikal

Kratikal

Kratikal provides a complete suite of manual and automated security testing services.

Partnership for Conflict, Crime and Security Research (PaCCS)

Partnership for Conflict, Crime and Security Research (PaCCS)

PaCCS delivers high quality and cutting edge research to improve our understanding of current and future global security challenges in areas including cybersecurity.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

ARIA Cybersecurity Solutions

ARIA Cybersecurity Solutions

The ARIA ADR Automatic Detection & Response solution was designed to find, verify, and stop all types of attacks - automatically and in real time.

3B Data Security

3B Data Security

3B Data Security offer a range of Penetration Testing, Digital Forensics, Incident Response and Data Breach Management Services.

Association of Azerbaijani Cyber Security Organizations (AKTA)

Association of Azerbaijani Cyber Security Organizations (AKTA)

The Association of Azerbaijani Cyber Security Organizations (AKTA) is a non-commercial organization aimed at strengthening the country's cybersecurity system.

Intelequia

Intelequia

Intelequia SOC is the Security Operations Center your company needs. 24x7 monitoring, protection and automated response to cyber threats.

Auxilion

Auxilion

Auxilion is an award-winning provider of consulting and IT support services, technologies and consulting for public and private organisations in the UK and Ireland.

Getvisibility

Getvisibility

Getvisibility enables customers to detect, classify and protect sensitive information increasing data security, governance, compliance and lowering the risk of losing valuable data.

Lumos

Lumos

Lumos, the Unified Access Platform to manage all access to apps and data.