Search This Blog

Powered by Blogger.

Blog Archive

Labels

Microsoft Disrupts Bohrium Hackers’ Spear-Phishing Operation

Tracked as Bohrium, the operation was victimizing customers in the U.S., Middle East, and India.

 

The Microsoft Digital Crimes Unit (DCU) recently conducted an operation and has successfully disrupted a spear-phishing operation which was conducted by the Iranian malicious actors. Tracked as Bohrium, the operation was victimizing customers in the U.S., Middle East, and India. 

Amy Hogan-Burney, the General Manager of Microsoft DCU has said that Bohrium targeted organizations from a wide range of industries, including transportation, Tech industries, government, and education. 

The evidence that was reported by Microsoft in court filings, read, “the Iranian hackers have been intentionally accessing and sending malicious software, code, and instructions to the protected computers, operating systems, and computers networks of Microsoft and the customers of Microsoft, without authorization." 

Following the attack, Microsoft has taken down 41 domains that were attacked in this campaign to establish a command and control infrastructure that allowed the hackers to execute malicious tools to help them gain access to targets' systems and exfiltrate stolen information from compromised systems. Also, some of the domains taken down have been used in the past to host and push malware payloads. 

However, Microsoft did not disclose the timeline of this spear-phishing operation. "Bohrium actors create fake social media profiles, often posing as recruiters. Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware..," 

“…This activity was uncovered by Microsoft's Threat Intelligence Center (MSTIC), which tracks the world's nation-state and cybercrime actors so we can better protect our customers,” Hogan-Burney said. 

Microsoft further explained that this action which was taken by the origination is part of a long series of lawsuits against malicious actors who are targeting Microsoft customers worldwide. 

"To date, in 24 lawsuits – five against nation-state actors – we've taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors," Microsoft's Corporate Vice President for Customer Security & Trust Tom Burt said.

Previously, Microsoft has taken down many malicious campaigns including APT28 domains controlled by the ZLoader cybercrime gang and the Iran-backed APT35 (aka Charming Kitten, Phosphorus, or Ajax Security Team) threat actor.
Share it:

Cyber Attacks

Cyber campaign

Digital threats

Microsoft