Deactivated Domains Used For Spear-Phishing

Microsoft's Digital Crimes Unit (DCU) has started legal proceedings in the US courts against an Iranian threat actor called Bohrium for spear-phishing operations. Bohrium is said to have targeted entities in tech, transportation, government, and education sectors located in the US, Middle East, and India.

According to a US government order disclosed by Microsoft, the goal of the intrusions was to steal and exfiltrate sensitive information, take control over the infected machines, and carry out remote reconnaissance.

Microsoft has filed a complaint with the US District Court in Virginia, requesting a restraining order be granted against Bohrium in accordance with the Computer Fraud and Abuse Act. A hearing has been scheduled for June 10. "Bohrium actors create fake social media profiles, often posing as recruiters," Amy Hogan-Burney of the DCU said in a tweet. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware."

To halt the malicious activities of Bohrium, Microsoft said it took down 41 domains that were used as command-and-control infrastructure to facilitate the spear-phishing campaign, which enabled the attackers to deploy malicious tools designed to help them gain access to targets' devices and exfiltrate stolen information from compromised systems.

The disclosure comes as Microsoft revealed that it identified and disabled malicious OneDrive activity perpetrated by a previously undocumented threat actor codenamed Polonium since February 2022.

The incidents, which involved the use of OneDrive as command-and-control, were part of a larger wave of attacks the hacking group launched against over 20 organisations based in Israel and Lebanon. Microsoft has also recently successfully seized domains used by APT28, a state-sponsored group operated by Russian military intelligence, also known as Fancy Bear, to target institutions in Ukraine.

Microsoft said it obtained a court order on April 6 that authorized the company to take control of seven domains APT28 was using to carry out its cyber attacks. “We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” said Microsoft’s vice president for customer security, Tom Burt.

Microsoft:    CyberArmyHB:    Threatpost:   Hacker News:   Techcrunch:    Bleeping Computer:   CyberNews

You Might Also Read: 

Microsoft Removes Domains Used For Cyber Attacks On Ukraine:

 

« Who Can You Trust With Your Data?
Iran Caught Using Intermediaries To Hack Israeli Business »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MarQuest

MarQuest

MarQuest provides services and systems to enhance network reliability and security.

Bricata

Bricata

Bricata offers industry-leading IPS solutions for enterprise-wide threat prevention and unparalleled situational awareness.

KE-CIRT/CC

KE-CIRT/CC

KE-CIRT/CC is the national Computer Incident Response Team for Kenya.

StationX

StationX

StationX is a leading provider of cyber security training, consultancy and services.

Monster Jobs

Monster Jobs

Monster is a global leader in connecting people to jobs, wherever they are. Monster covers all job sectors including cybersecurity in locations around the world.

JM Search

JM Search

JM Search’s Information Technology Executives Practice sources the most sought-after technology roles including CIO, CTO, CISO, CDO and other senior posts.

SECFORCE

SECFORCE

SECFORCE is a leading information security consultancy specialising in bespoke penetration testing and red team engagements.

Commonwealth Cyber Initiative (CCI)

Commonwealth Cyber Initiative (CCI)

The Commonwealth Cyber Initiative is establishing Virginia as a global center of excellence at the intersection of security, autonomous systems, and data.

US Marine Corps Forces Cyberspace Command (MARFORCYBER)

US Marine Corps Forces Cyberspace Command (MARFORCYBER)

US Marine Corps Forces Cyberspace Command (MARFORCYBER) conducts full spectrum military cyberspace operations in order to enable freedom of action in cyberspace and deny the same to the adversary.

Noerr

Noerr

Noerr is one of the top European law firms with 500 professionals in Germany, Europe and the USA. We provide solutions to complex and sophisticated legal matters including cyber risks.

iVision

iVision

iVision is a technology integration and management firm that engineers success for clients through objective recommendations, process and technology expertise and best-of-breed guidance.

Narf Industries

Narf Industries

Narf Industries are a small group of reverse engineers, vulnerability researchers and tool developers that specialize in tailored solutions for government and large enterprises.

DruvStar

DruvStar

DruvStar provides B2B cybersecurity around threat management to strengthen businesses across attack vectors.

Quod Orbis

Quod Orbis

Quod Orbis are a fast-growing, innovative company providing market-leading expertise in cyber security and Continuous Controls Monitoring (CCM).

The Cyber Scheme

The Cyber Scheme

The Cyber Scheme provides NCSC certified and assured assessments, training and career support for security testers & technical cyber professionals.

Hydden

Hydden

Hydden gives security teams the ability to create a solid foundation to build a truly next-gen identity security practice by bridging the gaps between siloed teams and technologies.