Microsoft disrupts Bohrium spear-phishing ring by seizing 41 domains

Graham CLULEY

June 09, 2022


An Iranian hacking gang called Bohrium has had its activities disrupted after Microsoft seized control of 41 domains used in spear-phishing attacks.

The hackers are said to have targeted the technology, transport, government and education sectors in the United States, Middle East, and India, often posing as recruiters and sending malicious emails to victims inside organisations.

Amy Hogan-Burney, the General Manager of Microsoft's Digital Crimes Unit (DCU), explained in a tweet that the Bohrium gang created fake social media profiles in an attempt to make their attacks look more convincing, sending out emails with links that "ultimately infected their target's computers with malware."

In court filings, Microsoft explained that the attacks were designed to exfiltrate sensitive information from compromised computers, seize remote control of hacked PCs, and spy on computer activity.

In an attempt to halt the Bohrium group's activities, Microsoft obtained a court order seizing 41 domains used as command-and-control infrastructure by the gang, including microsoftsync.org.

In its complaint, Microsoft explained that its trademarks had been used without permission in order to trick targeted individuals into handing over their login credentials.

In addition, Microsoft claimed that the Bohrium hackers corrupted "Microsoft's applications on victims' computers and Microsoft's servers, thereby using them to monitor the activities of users and steal information from them."

The full list of seized domains is:


Earlier this month, Microsoft revealed that it had disrupted a malicious campaign operated by Lebanon-based hackers dubbed "Polonium" who had targeted Israeli organisations by abusing OneDrive.
