Security News > 2022 > June > Microsoft disrupts Bohrium hackers’ spear-phishing operation

The Microsoft Digital Crimes Unit has disrupted a spear-phishing operation linked to an Iranian threat actor tracked as Bohrium that targeted customers in the U.S., Middle East, and India.

Bohrium has targeted organizations from a wide range of industry sectors, including tech, transportation, government, and education, according to Amy Hogan-Burney, the General Manager of Microsoft DCU. Microsoft has taken down 41 domains used in this campaign to establish a command and control infrastructure that enabled the attackers to deploy malicious tools designed to help them gain access to targets' devices and exfiltrate stolen information from compromised systems.

According to evidence provided by Microsoft in court filings [PDF], the Iranian hackers have been "Intentionally accessing and sending malicious software, code, and instructions to the protected computers, operating systems, and computers networks of Microsoft and the customers of Microsoft, without authorization [.].".

While Microsoft did not reveal the timeline of this spear-phishing operation, some of the dozens of domains taken down have been used to host and push malware payloads as far back as 2017.

"To date, in 24 lawsuits - five against nation-state actors - we've taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors," Microsoft's Corporate Vice President for Customer Security & Trust Tom Burt said in December 2021 when Redmond seized sites used by APT15 Chinese state hackers.

Previously, Microsoft filed 15 other similar cases against the APT28 Russian-backed group in August 2018, which led to the seizure of another set of 91 malicious domains.

News URL

https://www.bleepingcomputer.com/news/security/microsoft-disrupts-bohrium-hackers-spear-phishing-operation/