Technology
Microsoft gains control of domains used by Iranian hackers linked to U.S. fugitive
A U.S. court has granted Microsoft the authority to seize domain names in order to take down a phishing campaign run by a notorious group of Iranian hackers.
In a on Microsoft’s official blog, Customer Security & Trust VP Tom Burt shared details from the now it filed in the U.S. District Court for Washington D.C against the hacker group called Phosphorus. The group is also known under the names APT 35, Charming Kitten, and Ajax Security Team.
Microsoft’s Digital Crimes Unit was allowed to take control of 99 domains in order to stop the hackers’ attacks. Domains such as outlook-verify.net, yahoo-verify.net, and verification-live.com were being used in spear-phishing campaigns by the Iranian hackers.
Spear-phishing is a method of attack that relies on social engineering, where a hacker tricks an individual or group into believing that they are a trusted source through an email or web address. The hacker then uses that trust to obtain passwords or other sensitive information from their target.
Phosphorus targeted U.S. businesses and government agencies as well as activists and journalists. As points out, former U.S. Air Force intelligence officer turned spy Monica Witt reportedly has connections to the hacker group. Witt defected to Iran and is currently a fugitive wanted by the FBI for alleged espionage. It is that Witt provided the Iranian hackers with intelligence regarding U.S. officials and her former colleagues. Using this information, the hackers can more accurately pinpoint their spear-phishing campaigns against certain individuals.
According to Microsoft, Phosphorus would send a link containing malicious software under the guise of a friendly source, sometimes even posing as a target’s contact on social media. The hackers would be able to use that software to access the victim’s computer. The group also deployed another attack using the now Microsoft-controlled domain names to trick its targets into thinking there was a security risk flagged on their Outlook or Yahoo account. Upon clicking on the phishing link, the target would be prompted to login to their account, effectively providing their password to the hackers.
This isn’t the first time a U.S. court granted Microsoft the authority to take control of domain names connected to phishing campaigns. Last year, a federal court injunction allowed Microsoft to seize domains deployed by hackers that infringe on the company’s trademarks. Microsoft to terminate spear-phishing campaigns set up my the Russian hacker group known as Fancy Bear, which was targeting U.S. politicians, Congressional staffers, and think tanks.
-
Entertainment7 days ago
Earth’s mini moon could be a chunk of the big moon, scientists say
-
Entertainment7 days ago
The space station is leaking. Why it hasn’t imperiled the mission.
-
Entertainment6 days ago
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment5 days ago
Black Friday 2024: The greatest early deals in Australia – live now
-
Entertainment4 days ago
How to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment3 days ago
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment3 days ago
A24 is selling chocolate now. But what would their films actually taste like?
-
Entertainment3 days ago
New teen video-viewing guidelines: What you should know