Microsoft disrupts Bohrium hackers' spear-phishing operation (Security News, June 2022)

The Microsoft Digital Crimes Unit has disrupted a spear-phishing operation linked to an Iranian threat actor tracked as Bohrium that targeted customers in the U.S., Middle East, and India.
Bohrium has targeted organizations from a wide range of industry sectors, including tech, transportation, government, and education, according to Amy Hogan-Burney, the General Manager of Microsoft DCU. Microsoft has taken down 41 domains used in this campaign to establish a command and control infrastructure that enabled the attackers to deploy malicious tools designed to help them gain access to targets' devices and exfiltrate stolen information from compromised systems.
According to evidence provided by Microsoft in court filings [PDF], the Iranian hackers have been "Intentionally accessing and sending malicious software, code, and instructions to the protected computers, operating systems, and computer networks of Microsoft and the customers of Microsoft, without authorization [...]".
While Microsoft did not reveal the timeline of this spear-phishing operation, some of the dozens of domains taken down have been used to host and push malware payloads as far back as 2017.
"To date, in 24 lawsuits - five against nation-state actors - we've taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors," Microsoft's Corporate Vice President for Customer Security & Trust Tom Burt said in December 2021 when Redmond seized sites used by APT15 Chinese state hackers.
Previously, Microsoft filed 15 other similar cases against the APT28 Russian-backed group in August 2018, which led to the seizure of another set of 91 malicious domains.