Microsoft seizes 41 domains tied to Iranian phishing ring
Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India.
The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs. "Bohrium actors create fake social media profiles, often posing as recruiters," said Amy Hogan-Burney, GM of Microsoft's Digital Crimes Unit.
At the end of May, a federal district court in eastern Virginia granted Microsoft an emergency temporary restraining order; this allowed the corporation to dismantle Bohrium's infrastructure by demanding US domain registries, such as Verisign and Donuts, transfer the domain names into Microsoft's control.
It looks as though that seizure has been completed, as domains named by Microsoft, such as microsoftsync[dot]org, have been transferred to MarkMonitor on behalf of Redmond.
The court order to take down the crime gang's infrastructure follows several similar legal maneuvers to disrupt networks used to attack Microsoft customers.
Before the April seizures, Microsoft had used this process 15 times to take over more than 100 domains controlled by Strontium, which is thought to be run by the GRU, Russia's foreign military intelligence agency.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/07/microsoft_bohrium_domains/