Microsoft disrupts Bohrium spear-phishing ring by seizing 41 domains
An Iranian hacking gang called Bohrium has had its activities disrupted after Microsoft seized control of 41 domains used in spear-phishing attacks.
The hackers, who are said to have targeted the technology, transport, government and education sectors in the United States, the Middle East and India, reportedly often posed as recruiters, targeting victims inside organisations with malicious emails.
Amy Hogan-Burney, the General Manager of Microsoft's Digital Crimes Unit (DCU), explained in a tweet that the Bohrium gang created fake social media profiles in an attempt to make their attacks look more convincing, sending out emails with links that "ultimately infected their target's computers with malware."
In court filings, Microsoft explained that the attacks were designed to exfiltrate sensitive information from compromised computers, seize remote control of hacked PCs, and spy on computer activity.
In an attempt to halt the Bohrium group's activities, Microsoft obtained a court order seizing 41 domains used as command-and-control infrastructure by the gang, including microsoftsync.org.
In its complaint, Microsoft explained that its trademarks had been used without permission in order to trick targeted individuals into handing over their login credentials.
In addition, Microsoft claimed that the Bohrium hackers corrupted "Microsoft's applications on victims' computers and Microsoft's servers, thereby using them to monitor the activities of users and steal information from them."
The full list of seized domains is:
Earlier this month, Microsoft revealed that it had disrupted a malicious campaign operated by Lebanon-based hackers dubbed "Polonium" who had targeted Israeli organisations by abusing OneDrive.