Deactivated Domains Used For Spear-Phishing

Uploaded on 2022-06-08 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Microsoft's Digital Crimes Unit (DCU) has started legal proceedings in the US courts against an Iranian threat actor called Bohrium for spear-phishing operations. Bohrium is said to have targeted entities in tech, transportation, government, and education sectors located in the US, Middle East, and India.

According to a US government order disclosed by Microsoft, the goal of the intrusions was to steal and exfiltrate sensitive information, take control over the infected machines, and carry out remote reconnaissance.

Microsoft has filed a complaint with the US District Court in Virginia, requesting a restraining order be granted against Bohrium in accordance with the Computer Fraud and Abuse Act. A hearing has been scheduled for June 10. "Bohrium actors create fake social media profiles, often posing as recruiters," Amy Hogan-Burney of the DCU said in a tweet. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware."

To halt the malicious activities of Bohrium, Microsoft said it took down 41 domains that were used as command-and-control infrastructure to facilitate the spear-phishing campaign, which enabled the attackers to deploy malicious tools designed to help them gain access to targets' devices and exfiltrate stolen information from compromised systems.

The disclosure comes as Microsoft revealed that it identified and disabled malicious OneDrive activity perpetrated by a previously undocumented threat actor codenamed Polonium since February 2022.

The incidents, which involved the use of OneDrive as command-and-control, were part of a larger wave of attacks the hacking group launched against over 20 organisations based in Israel and Lebanon. Microsoft has also recently successfully seized domains used by APT28, a state-sponsored group operated by Russian military intelligence, also known as Fancy Bear, to target institutions in Ukraine.

Microsoft said it obtained a court order on April 6 that authorized the company to take control of seven domains APT28 was using to carry out its cyber attacks. “We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” said Microsoft’s vice president for customer security, Tom Burt.

Microsoft:    CyberArmyHB:    Threatpost:   Hacker News:   Techcrunch:    Bleeping Computer:   CyberNews

You Might Also Read: 

Microsoft Removes Domains Used For Cyber Attacks On Ukraine:

 

« Who Can You Trust With Your Data?
Iran Caught Using Intermediaries To Hack Israeli Business »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Micro Systemation AB (MSAB)

Micro Systemation AB (MSAB)

MSAB is a leader in the provision of forensically secure tools for the extraction and analysis of data from mobile devices.

CFC Underwriting

CFC Underwriting

CFC is a specialist insurance provider and a pioneer in emerging risk, including cyber insurance.

D-Fence

D-Fence

D-Fence high availability security service protects corporate email communication, the company and it's employee's against cyber threats.

Allure Security Technology

Allure Security Technology

Allure provide Behavioral Analytics software that combines machine learning and decoy technology to protect enterprise devices from data loss and intrusion both inside and outside the enterprise.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

Dcoya

Dcoya

Dcoya's complete security awareness training program gives you out-of-the-box compliance with PCI-DSS, HIPAA, SOX and ISO regulations.

Prevoty

Prevoty

Prevoty provides a new RASP (runtime application self-protection) capability, enabling applications to protect themselves.

TEISS Recruitment

TEISS Recruitment

TEISS Recruitment is a specialist in providing contract, permanent and temporary recruitment services to the cyber and information security sector.

Acalvio Technologies

Acalvio Technologies

Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter.

Datec PNG

Datec PNG

Datec is the the largest end-to-end information and communications technology solutions and services provider in Papua New Guinea.

Awake Security

Awake Security

Awake Security offer a security solution built on an AI platform that acts like the human brain to sense, detect, and respond to threats you may not even know exist.

Institute of Informatics and Telematics (IIT)

Institute of Informatics and Telematics (IIT)

IIT carries out activities of research, assessment, technology transfer and training in the field of Information and Communication Technologies and of Computational Sciences.

GBT Technologies

GBT Technologies

GBT Technologies is a technology company focused on chip design and software to enable IoT, global mesh networks, and for applications relating to artificial intelligence.

Dazz

Dazz

Dazz is the cloud security remediation platform for smart security and development teams.

Raiven Capital

Raiven Capital

Raiven Capital is a global early-stage technology venture capital fund. We focus on founder-led, driven companies on the leading edge of disruption.

Artjoker

Artjoker

Artjoker is a full cycle software development partner specialized in Blockchain projects and smart contract development including full cycle information security of all projects.