An Iranian hacking gang called Bohrium has had its activities disrupted after Microsoft seized control of 41 domains used in spear-phishing attacks.
The hackers, who are said to have targeted technology, transport, government and education sectors in the United States, Middle East, and India, are said to have often posed as recruiters targeting victims inside organisations with malicious emails.
Amy Hogan-Burney, the General Manager of Microsoft’s Digital Crimes Unit (DCU), explained in a tweet that the Bohrium gang created fake social media profiles in an attempt to make their attacks look more convincing, sending out emails with links that “ultimately infected their target’s computers with malware.”
In court filings, Microsoft explained that the attacks were designed to exfiltrate sensitive information from compromised computers, seize remote control of hacked PCs, and spy on computer activity.
In an attempt to halt the Bohrium group’s activities, Microsoft obtained a court order seizing 41 domains used as command-and-control infrastructure by the gang, including microsoftsync.org.
In its complaint, Microsoft explained that its trademarks had been used without permission in order to trick targeted individuals into handing over their login credentials.
In addition, Microsoft claimed that the Bohrium hackers corrupted “Microsoft’s applications on victims’ computers and Microsoft’s servers, thereby using them to monitor the activities of users and steal information from them.”
The full list of seized domains is:
Earlier this month, Microsoft revealed that it had disrupted a malicious campaign operated by Lebanon-based hackers dubbed “Polonium” who had targeted Israeli organisations by abusing OneDrive.