Microsoft’s Digital Crimes Unit (DCU) announced the seizure of domains used by Iran-linked APT Bohrium in spear-phishing campaigns.
Microsoft’s Digital Crimes Unit (DCU) announced to have taken legal action to disrupt a spear-phishing operation linked to Iran-linked APT Bohrium. The IT giant has seized the domains used by the threat actors employed in its attacks aimed at organizations in tech, transportation, government, and education sectors located in the U.S., Middle East, and India.
Microsoft seized 41 websites, including “.com,” “.info,” “.live,” “.me,” “.net,” “.org,” and “.xyz” domains that were employed in the attacks.
The APT group created fake social media profiles, often posing as recruiters, then used them to trick targets into providing personal information. Once obtained this information from the victims, Bohrium sent phishing emails to the victims containing links that once clicked have started the infection process for the target’s computers.
The threat actors’ spear-phishing attacks were aimed at gathering intelligence over the targets.
Early this month, Microsoft announced it has blocked a series of attacks targeting Israeli organizations that have been conducted by a previously unknown Lebanon-based hacking group tracked as POLONIUM. POLONIUM has targeted or compromised more than 20 Israeli organizations and one intergovernmental organization with operations in Lebanon over the past three months. Since February, the attacks targeted organizations in critical manufacturing, IT, and Israel’s defense industry.
[출처 : SecurityAffairs / 6.6.]