Microsoft disrupts Bohrium spear-phishing ring by seizing 41 domains

An Iranian hacking gang called Bohrium has had its activities disrupted after Microsoft seized control of 41 domains used in spear-phishing attacks.

The hackers are said to have targeted the technology, transportation, government and education sectors in the United States, the Middle East and India, and to have often posed as recruiters, targeting victims inside organizations with malicious emails.

Amy Hogan-Burney, the General Manager of Microsoft’s Digital Crimes Unit (DCU), explained in a tweet that the Bohrium gang created fake social media profiles in an attempt to make their attacks look more convincing, sending out emails with links that “ultimately infected their target’s computers with malware.”

In court filings, Microsoft explained that the attacks were designed to exfiltrate sensitive information from compromised computers, seize remote control of hacked PCs, and spy on computer activity.

In an attempt to halt the Bohrium group’s activities, Microsoft obtained a court order seizing 41 domains used as command-and-control infrastructure by the gang, including microsoftsync.org.

In its complaint, Microsoft explained that its trademarks had been used without permission in order to trick targeted individuals into handing over their login credentials.

In addition, Microsoft claimed that the Bohrium hackers corrupted “Microsoft’s applications on victims’ computers and Microsoft’s servers, thereby using them to monitor the activities of users and steal information from them.”

The full list of seized domains is:

  • alpha-olive.com
  • cendual.com
  • cloudscomputers.com
  • deliverymessage.com
  • deliveryreporter.com
  • ebtlicense.com
  • edge-cloudservices.com
  • helpdesk-product.com
  • insyncdigitalbd.com
  • learnersarea.com
  • manoramaonlines.com
  • mitoplatform.com
  • outlookdelivery.com
  • servicecult.com
  • sharepointfile.com
  • sitesanalyzer.com
  • softwarepays.com
  • supportskype.com
  • symantecdll.com
  • technewsportals.com
  • techtosolution.com
  • thepetrosolution.com
  • veritasanalyzer.com
  • vibrantmariners.com
  • activatetech.info
  • futuremedias.info
  • healthcaretip.info
  • microsoftdefender.info
  • microsoftedgesh.info
  • freechess.live
  • outlookde.live
  • office-shop.me
  • bestweight.net
  • electroboard.net
  • equip-med.org
  • librarycollection.org
  • microsoftsecure.org
  • microsoftsync.org
  • penspen.org
  • xchange-connect.org
  • bluecake.xyz
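The domain list above is, in practice, an indicator list: the useful defender action is to check historical DNS and proxy logs for any contact with these names. The following Python script is an added example (not from the article or from Microsoft) that matches log lines against the 41 seized domains. It matches on the registered domain and its subdomains (so `cdn.microsoftsync.org` hits) while refusing substring matches (so a look-alike such as `notmicrosoftsync.org` does not). The log lines and their format are constructed for this example and are not real records.

```python
"""Match DNS/proxy log lines against the Bohrium domains listed in the article."""
import re

# The 41 seized domains, exactly as listed in the article.
BOHRIUM_DOMAINS = frozenset({
    "alpha-olive.com", "cendual.com", "cloudscomputers.com", "deliverymessage.com",
    "deliveryreporter.com", "ebtlicense.com", "edge-cloudservices.com",
    "helpdesk-product.com", "insyncdigitalbd.com", "learnersarea.com",
    "manoramaonlines.com", "mitoplatform.com", "outlookdelivery.com",
    "servicecult.com", "sharepointfile.com", "sitesanalyzer.com", "softwarepays.com",
    "supportskype.com", "symantecdll.com", "technewsportals.com", "techtosolution.com",
    "thepetrosolution.com", "veritasanalyzer.com", "vibrantmariners.com",
    "activatetech.info", "futuremedias.info", "healthcaretip.info",
    "microsoftdefender.info", "microsoftedgesh.info", "freechess.live",
    "outlookde.live", "office-shop.me", "bestweight.net", "electroboard.net",
    "equip-med.org", "librarycollection.org", "microsoftsecure.org",
    "microsoftsync.org", "penspen.org", "xchange-connect.org", "bluecake.xyz",
})

# Constructed sample log lines (not from the article): a DNS query log and a web-proxy log.
# The timestamps, client addresses and the non-Bohrium hostnames are made up.
SAMPLE_LOG_LINES = [
    "2022-06-03T10:12:01Z dns client=10.0.4.17 query=cdn.microsoftsync.org type=A",
    "2022-06-03T10:12:05Z dns client=10.0.4.17 query=login.microsoftonline.com type=A",
    "2022-06-03T10:13:44Z proxy src=10.0.8.3 url=https://sharepointfile.com/docs/offer.pdf status=200",
    "2022-06-03T10:14:02Z proxy src=10.0.8.3 url=https://www.example.com/ status=200",
    "2022-06-03T10:15:10Z dns client=10.0.2.9 query=notmicrosoftsync.org type=A",
]

# Pulls the hostname out of either a "query=<host>" field or a "url=<scheme>://<host>/..." field.
_HOST_RE = re.compile(r"(?:query=|url=https?://)([A-Za-z0-9.-]+)")


def extract_hostname(line):
    """Return the hostname referenced by a log line, or None if the line carries none."""
    m = _HOST_RE.search(line)
    return m.group(1) if m else None


def watchlist_match(hostname, watchlist):
    """Return the watchlist entry that equals hostname or is a parent domain of it, else None.

    Walks label suffixes ("a.b.c" -> "a.b.c", "b.c"), so subdomains of a listed domain hit
    but look-alikes that merely contain a listed name as a substring do not.
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):          # never test the bare TLD on its own
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def scan_log(lines, watchlist=BOHRIUM_DOMAINS):
    """Return (line_number, hostname, matched_domain) for every line that hits the watchlist."""
    hits = []
    for n, line in enumerate(lines, 1):
        host = extract_hostname(line)
        if host is None:
            continue
        matched = watchlist_match(host, watchlist)
        if matched:
            hits.append((n, host, matched))
    return hits


if __name__ == "__main__":
    for n, host, matched in scan_log(SAMPLE_LOG_LINES):
        print(f"line {n}: {host} -> seized domain {matched}")
```

Because Microsoft now controls these domains, the main value of the list is retrospective: a hit in logs from before the seizure points at a host that may have received one of the recruiter-themed emails and should be reviewed, while new resolutions will land on infrastructure Microsoft controls rather than on the gang's. Real deployments should read the log format actually in use instead of the constructed `query=`/`url=` fields assumed here.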

Earlier this month, Microsoft revealed that it had disrupted a malicious campaign operated by Lebanon-based hackers dubbed “Polonium” who had targeted Israeli organizations by abusing OneDrive.
