Microsoft disrupts Bohrium spear-phishing ring by seizing 41 domains
An Iranian hacking gang called Bohrium has had its activities disrupted after Microsoft seized control of 41 domains used in spear-phishing attacks.
The hackers, who are said to have targeted technology, transport, government and education sectors in the United States, Middle East, and India, are said to have often posed as recruiters targeting victims inside organisations with malicious emails.
Amy Hogan-Burney, the General Manager of Microsoft's Digital Crimes Unit (DCU), explained in a tweet that the Bohrium gang created fake social media profiles in an attempt to make their attacks look more convincing, sending out emails with links that "ultimately infected their target's computers with malware."
In court filings, Microsoft explained that the attacks were designed to exfiltrate sensitive information from compromised computers, seize remote control of hacked PCs, and spy on computer activity.
In an attempt to halt the Bohrium group's activities, Microsoft obtained a court order seizing 41 domains used as command-and-control infrastructure by the gang, including microsoftsync.org.
In its complaint, Microsoft explained that its trademarks had been used without permission in order to trick targeted individuals into handing over their login credentials.
In addition, Microsoft claimed that the Bohrium hackers corrupted "Microsoft's applications on victims' computers and Microsoft's servers, thereby using them to monitor the activities of users and steal information from them."
The full list of seized domains is:
Earlier this month, Microsoft revealed that it had disrupted a malicious campaign operated by Lebanon-based hackers dubbed "Polonium" who had targeted Israeli organisations by abusing OneDrive.
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor
August 30, 2022
What is medical identity theft and how to protect against it
July 27, 2022