Microsoft seized 41 domains used by Iran-linked Bohrium APT


Microsoft’s Digital Crimes Unit (DCU) announced the seizure of domains used by Iran-linked APT Bohrium in spear-phishing campaigns.

Microsoft’s Digital Crimes Unit (DCU) announced that it has taken legal action to disrupt a spear-phishing operation attributed to the Iran-linked APT Bohrium. The IT giant has seized the domains the threat actors used in attacks aimed at organizations in the tech, transportation, government, and education sectors in the U.S., the Middle East, and India.

Important work by the @Microsoft Digital Crimes Unit to share today. Our team has taken legal action to disrupt a spear-phishing operation linked to Bohrium, a threat actor from Iran. The court filings can be found here: https://t.co/jwZaRardcF

— Amy Hogan-Burney (@CyberAmyHB) June 2, 2022

Microsoft seized 41 websites, including “.com,” “.info,” “.live,” “.me,” “.net,” “.org,” and “.xyz” domains that were employed in the attacks.

The APT group created fake social media profiles, often posing as recruiters, and used them to trick targets into providing personal information. Once it had obtained this information from the victims, Bohrium sent them phishing emails containing links that, once clicked, started the infection process on the targets’ computers.

This activity was uncovered by Microsoft’s Threat Intelligence Center (MSTIC), which tracks the world’s nation-state and cybercrime actors so we can better protect our customers.

— Amy Hogan-Burney (@CyberAmyHB) June 2, 2022

The threat actors’ spear-phishing attacks were aimed at gathering intelligence on the targets.

Earlier this month, Microsoft announced it had blocked a series of attacks targeting Israeli organizations that were conducted by a previously unknown Lebanon-based hacking group tracked as POLONIUM. POLONIUM has targeted or compromised more than 20 Israeli organizations and one intergovernmental organization with operations in Lebanon over the past three months. Since February, the attacks have targeted organizations in critical manufacturing, IT, and Israel’s defense industry.

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”).

To nominate, please visit: 

https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Bohrium)
