Microsoft takes down 41 domains tied to ‘Iranian phishing’ • The Register
Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India. 

The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs.

“Bohrium actors create fake social media profiles, often posing as recruiters,” said Amy Hogan-Burney, GM of Microsoft’s Digital Crimes Unit. “Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target’s computers with malware.”

At the end of May, a federal district court in eastern Virginia granted Microsoft an emergency temporary restraining order; this allowed the corporation to dismantle Bohrium’s infrastructure by requiring US domain registries, such as Verisign and Donuts, to transfer the domain names into Microsoft’s control. It looks as though that seizure has been completed, as domains named by Microsoft, such as microsoftsync[dot]org, have been transferred to MarkMonitor on behalf of Redmond.

Microsoft claimed the miscreants used the web domains to commit computer fraud, steal account users’ credentials, and infringe on Microsoft’s trademarks, according to court filings [PDF] Hogan-Burney made public late last week:

Microsoft complained that Bohrium had not only misused the IT giant’s trademarks in its phishing campaign to fool people into handing over their credentials but also sought to compromise computer systems run by Microsoft’s customers. The crew also used the domains to set up command-and-control servers to manage malware installed on those computers.
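The domains in this case abused the Microsoft brand (microsoftsync[dot]org is the one named above) and doubled as command-and-control endpoints, so a defender's first question is whether any host on their own network resolved such names. The following is an added example, not code from Microsoft or from The Register's article: it scans DNS resolver log lines in a hypothetical format, flags queries that carry a Microsoft brand token but do not belong to a legitimate Microsoft-operated apex domain, and defangs the hits for reporting. The allowlist, the brand tokens and the log lines are all constructed for the example; the apex-domain helper is a deliberate simplification that a production version would replace with a Public Suffix List lookup.

```python
import re

# Constructed allowlist of legitimate Microsoft-operated apex domains. This is an
# assumption for the example; a real deployment would use a vetted, maintained list.
LEGIT_MICROSOFT_APEX = {
    "microsoft.com", "microsoftonline.com", "live.com", "office.com", "azure.com",
}

# Brand tokens whose presence in an unlisted domain is worth a second look.
BRAND_TOKENS = ("microsoft", "office365", "outlook", "onedrive")

# Constructed DNS resolver log lines (hypothetical format: ISO timestamp,
# client address, queried name, record type). The domains are invented.
SAMPLE_DNS_LOG = """\
2022-06-02T10:14:03Z client=10.0.4.21 query=login.microsoftonline.com type=A
2022-06-02T10:14:09Z client=10.0.4.21 query=microsoftsync.org type=A
2022-06-02T10:15:41Z client=10.0.7.8 query=outlook.office.com type=A
2022-06-02T10:16:02Z client=10.0.7.8 query=microsoft-recruiting-portal.net type=A
2022-06-02T10:16:30Z client=10.0.9.3 query=cdn.example.net type=AAAA
"""

LINE_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<query>\S+)")


def apex_domain(host: str) -> str:
    """Return the registrable apex, approximated as the last two labels.

    This ignores multi-label public suffixes (co.uk and similar); a production
    version should consult the Public Suffix List instead.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_brand_impersonation(host: str) -> bool:
    """True when the name carries a Microsoft brand token but its apex is not
    one of the legitimate Microsoft-operated apex domains."""
    host = host.lower()
    if apex_domain(host) in LEGIT_MICROSOFT_APEX:
        return False
    return any(token in host for token in BRAND_TOKENS)


def defang(host: str) -> str:
    """Render a domain in the non-clickable form used in reports,
    e.g. microsoftsync.org -> microsoftsync[dot]org."""
    return host.replace(".", "[dot]")


def scan_dns_log(log_text: str) -> list[tuple[str, str]]:
    """Return (client, defanged_domain) pairs for queries that look like
    brand impersonation; lines that do not match the log format are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        if is_brand_impersonation(m["query"]):
            hits.append((m["client"], defang(m["query"])))
    return hits


if __name__ == "__main__":
    for client, domain in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{client} queried suspicious domain {domain}")
```

Run against the constructed log, the two invented lookalike names are reported while the genuine `microsoftonline.com` and `office.com` queries pass; once a registry transfers seized names to a sinkhole, as described later in the article, the same query pattern also shows which internal hosts were still beaconing to them.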

Additionally, Bohrium corrupted “Microsoft’s applications on victims’ computers and Microsoft’s servers, thereby using them to monitor the activities of users and steal information from them,” according to the court filing.

The court order to take down the crime gang’s infrastructure follows several similar legal maneuvers to disrupt networks used to attack Microsoft customers. Most recently, in April the US goliath announced a months-long effort to take control of 65 domains that the ZLoader criminal botnet gang had been using to spread the remote-control malware and orchestrate infected machines.

The tech giant’s Digital Crimes Unit obtained a court order from a US federal judge in Georgia to take over the domains, which were then directed to a Microsoft-controlled sinkhole so they couldn’t be used by the malware’s masterminds to communicate with their botnet of commandeered Windows computers.

That same month Redmond seized seven internet domains run by Russia-linked threat group Strontium, aka APT28 and Fancy Bear, which was using the infrastructure to target Ukrainian institutions as well as think tanks in the US and EU, apparently in support of Russia’s invasion of its neighbor.

Before the April seizures, Microsoft had used this process 15 times to take over more than 100 domains controlled by Strontium, which is thought to be run by the GRU, Russia’s foreign military intelligence agency. ®
