1 min read

Microsoft disrupts Bohrium spear-phishing ring by seizing 41 domains


June 09, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Microsoft disrupts Bohrium spear-phishing ring by seizing 41 domains

An Iranian hacking gang called Bohrium has had its activities disrupted after Microsoft seized control of 41 domains used in spear-phishing attacks.

The hackers, who are said to have targeted technology, transport, government and education sectors in the United States, Middle East, and India, are said to have often posed as recruiters targeting victims inside organisations with malicious emails.

Amy Hogan-Burney, the General Manager of Microsoft's Digital Crimes Unit (DCU), explained in a tweet that the Bohrium gang created fake social media profiles in an attempt to make their attacks look more convincing, sending out emails with links that "ultimately infected their target's computers with malware."

In court filings, Microsoft explained that the attacks were designed to exfiltrate sensitive information from compromised computers, seize remote control of hacked PCs, and spy on computer activity.

In an attempt to halt the Bohrium group's activities, Microsoft obtained a court order seizing 41 domains used as command-and-control infrastructure by the gang, including microsoftsync.org.

In its complaint, Microsoft explained that its trademarks had been used without permission in order to trick targeted individuals into handing over their login credentials.

In addition, Microsoft claimed that the Bohrium hackers corrupted "Microsoft's applications on victims' computers and Microsoft's servers, thereby using them to monitor the activities of users and steal information from them."

The full list of seized domains is:

  • alpha-olive.com
  • cendual.com
  • cloudscomputers.com
  • deliverymessage.com
  • deliveryreporter.com
  • ebtlicense.com
  • edge-cloudservices.com
  • helpdesk-product.com
  • insyncdigitalbd.com
  • learnersarea.com
  • manoramaonlines.com
  • mitoplatform.com
  • outlookdelivery.com
  • servicecult.com
  • sharepointfile.com
  • sitesanalyzer.com
  • softwarepays.com
  • supportskype.com
  • symantecdll.com
  • technewsportals.com
  • techtosolution.com
  • thepetrosolution.com
  • veritasanalyzer.com
  • vibrantmariners.com
  • activatetech.info
  • futuremedias.info
  • healthcaretip.info
  • microsoftdefender.info
  • microsoftedgesh.info
  • freechess.live
  • outlookde.live
  • office-shop.me
  • bestweight.net
  • electroboard.net
  • equip-med.org
  • librarycollection.org
  • microsoftsecure.org
  • microsoftsync.org
  • penspen.org
  • xchange-connect.org
  • bluecake.xyz

Earlier this month, Microsoft revealed that it had disrupted a malicious campaign operated by Lebanon-based hackers dubbed "Polonium" who had targeted Israeli organisations by abusing OneDrive.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like