Deactivated Domains Used For Spear-Phishing

Microsoft's Digital Crimes Unit (DCU) has started legal proceedings in the US courts against an Iranian threat actor called Bohrium for spear-phishing operations. Bohrium is said to have targeted entities in tech, transportation, government, and education sectors located in the US, Middle East, and India.

According to a US government order disclosed by Microsoft, the goal of the intrusions was to steal and exfiltrate sensitive information, take control over the infected machines, and carry out remote reconnaissance.

Microsoft has filed a complaint with the US District Court in Virginia, requesting a restraining order be granted against Bohrium in accordance with the Computer Fraud and Abuse Act. A hearing has been scheduled for June 10. "Bohrium actors create fake social media profiles, often posing as recruiters," Amy Hogan-Burney of the DCU said in a tweet. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware."

To halt the malicious activities of Bohrium, Microsoft said it took down 41 domains that were used as command-and-control infrastructure to facilitate the spear-phishing campaign, which enabled the attackers to deploy malicious tools designed to help them gain access to targets' devices and exfiltrate stolen information from compromised systems.

The disclosure comes as Microsoft revealed that it identified and disabled malicious OneDrive activity perpetrated by a previously undocumented threat actor codenamed Polonium since February 2022.

The incidents, which involved the use of OneDrive as command-and-control, were part of a larger wave of attacks the hacking group launched against over 20 organisations based in Israel and Lebanon. Microsoft has also recently successfully seized domains used by APT28, a state-sponsored group operated by Russian military intelligence, also known as Fancy Bear, to target institutions in Ukraine.

Microsoft said it obtained a court order on April 6 that authorized the company to take control of seven domains APT28 was using to carry out its cyber attacks. “We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” said Microsoft’s vice president for customer security, Tom Burt.

Microsoft:    CyberArmyHB:    Threatpost:   Hacker News:   Techcrunch:    Bleeping Computer:   CyberNews

You Might Also Read: 

Microsoft Removes Domains Used For Cyber Attacks On Ukraine:

 

« Who Can You Trust With Your Data?
Iran Caught Using Intermediaries To Hack Israeli Business »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Quality Professionals (Q-Pros)

Quality Professionals (Q-Pros)

QPros are a recognized leader in providing full-cycle software quality assurance and application testing services.

Orange Cyberdefense

Orange Cyberdefense

Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group, providing managed security, managed threat detection & response services to organizations around the globe.

NetMonastery DNIF

NetMonastery DNIF

NetMonastery is a network security company which assists enterprises in securing their network and applications by detecting threats in real time.

CloudAlly

CloudAlly

CloudAlly provides online cloud to cloud backup and recovery solutions, which backs up daily changes in your SaaS to unlimited Amazon S3 storage and makes it available for restore or export.

Digiserve

Digiserve

Digiserve by Telkom Indonesia is an end-to-end managed solutions provider committed to empowering enterprises in Indonesia.

TechStak

TechStak

TechStak is the easiest way for businesses to find and connect with IT Pros and other technology solution providers in their area.

Go Grow

Go Grow

Go Grow is a business oriented accelerator program at Copenhagen School of Entrepreneurship. Targeted technologies include IoT, AI and Cybersecurity.

Adyta

Adyta

Adyta specializes in cybersecurity solutions adapted to the needs of sovereign institutions, business groups and other organizations that handle information and sensitive or classified data.

About Cyber Security.

About Cyber Security.

About Cybersecurity provides a galaxy-wide knowledge base of cybersecurity tactics and techniques derived from actual experience.

Focal Point

Focal Point

We aspire to be the focal point for Medium and Small size companies providing 24/7 cyber security advice, services and solutions.

Aligned Technology Solutions (ATS)

Aligned Technology Solutions (ATS)

ATS manage, monitor, and maintain everything from your network and servers to your workstations and mobile devices, and we do it proactively to eliminate downtime and keep hackers at bay.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

Larsen & Toubro Infotech (LTI)

Larsen & Toubro Infotech (LTI)

LTI is a global technology consulting and digital solutions company with operations in 33 countries.

Cyber Management Alliance

Cyber Management Alliance

Cyber Management Alliance is closing the divide in cyberspace by bringing together the best qualities of thought leadership and operational mastery of cyber security management.

Cyber Security Partners (CSP)

Cyber Security Partners (CSP)

Cyber Security Partners specialise in the provision of Cyber Security Consultancy, Data Protection and Certification and Compliance services.

Cloud Seguro

Cloud Seguro

Cloud Seguro are leaders in the development of cloud solutions, Ethical Hacking, Privacy and Information Security.