
Microsoft Now Takes Control of 99 Websites That Were Used for Hacking Operations by APT 35 Hackers


The AchieVer


As a result of the cyberwar between Microsoft and the APT 35 hacker group, Microsoft is now authorized to seize 99 illegal domains that were operated by APT 35 for various illegal hacking operations.

Microsoft won the court case it filed in the U.S. District Court for Washington D.C. against the APT 35 group, also known as Phosphorus, and was granted an order by the court to take down all 99 websites.

APT 35, or Charming Kitten, is a well-known Iranian cybercrime group that performs various illegal hacking operations using various domains, and it has been continuously tracked since 2013 by the Microsoft Threat Intelligence Center (MSTIC).

Since the court gave complete permission last week, Microsoft has taken complete control of the 99 websites the group uses to conduct its hacking operations.

All these domains were misused under the names of well-known brands, like Microsoft, and other related domains such as outlook-verify.net, yahoo-verify.net, verification-live.com, and myaccount-services.net.

APT 35 mainly used these illegal domains for various sophisticated cyber crimes, and they were specifically designed to gain access to the computer systems of businesses and government agencies and steal sensitive information.

Now All The 99 Domains Are Under Microsoft Control

Microsoft now takes complete control of all 99 domains that were used for various malicious hacking operations, and all traffic to these domains from infected devices has been redirected to the Microsoft Digital Crimes Unit's sinkhole.

A sinkhole is basically a way of redirecting malicious Internet traffic so that it can be captured and analyzed by security analysts.


In this case, all the intelligence collected from this sinkhole will be added to MSTIC’s existing knowledge of Phosphorus and shared with Microsoft security products and services to protect customers in the future.


According to Microsoft, “Phosphorus also uses these domains and a technique whereby it sends people an email that makes it seem as if there’s a security risk to their accounts, prompting them to enter their credentials into a web form that enables the group to capture their passwords and gain access to their systems.”

"Throughout the course of tracking Phosphorus, we've worked closely with a number of other technology companies, including Yahoo, to share threat information and jointly stop attacks. We are grateful for their partnership," Microsoft said.

The AchieVer

Microsoft Seizes Domains Used by Phosphorus Hacking Group

Microsoft has recently revealed that it managed to take control of a total of 99 domains that were previously used by a hacking group called Phosphorus.

The company says the group, which is also known as APT35, Charming Kitten, NewsBeef, and Newscaster, used the domains to launch attacks against a series of high-profile targets, like computers belonging to businesses and government agencies.

Activists and journalists covering issues related to the Middle East have often been targeted by Phosphorus, Microsoft notes.

“Phosphorus typically attempts to compromise the personal accounts of individuals through a technique known as spear-phishing, using social engineering to entice someone to click on a link, sometimes sent through fake social media accounts that appear to belong to friendly contacts. The link contains malicious software that enables Phosphorus to access computer systems,” the company states.

Similar strategy also used against Strontium

The domains that were obtained in court and which now point to a Microsoft Digital Crime Unit sinkhole mimic addresses that belong to Microsoft and Yahoo, like outlook-verify.net, yahoo-verify.net, verification-live.com, and myaccount-services.net.

The Iranian hacking group has been tracked by Microsoft since 2013, and the company explains that it's now using the domains to collect intelligence data that will then be added to its security products.

“The intelligence we collect from this sinkhole will be added to MSTIC’s existing knowledge of Phosphorus and shared with Microsoft security products and services to improve detections and protections for our customers,” Tom Burt, Corporate Vice President, Customer Security & Trust, says.

Microsoft says that its investigation in this case included collaborations with Yahoo, but also with domain listing companies in order to obtain information that helped take over the said domains.

The software giant reminds that it used a similar approach in an effort against Russian-linked group Strontium when the company managed to take control of 91 fake websites that the hackers were using in their attacks.
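Both posts above describe the same two things: credential-phishing domains built to look like Microsoft and Yahoo account pages, and the sinkhole that now receives their traffic. What a defender does with that information is sweep their own DNS resolver logs for those domains, and for domains built on the same brand-plus-bait pattern, to find hosts whose users may already have handed over a password. The example below is added here; it is not code from either post or from Microsoft. The four seized domains come from the posts; the log format, the sample log lines, the lookalike token lists and the legitimate-domain list are constructed assumptions.

```python
import re

# Domains named in the two posts above as seized by Microsoft and pointed at
# the Digital Crimes Unit sinkhole. Matching on these is an exact IoC check.
SEIZED_PHOSPHORUS_DOMAINS = {
    "outlook-verify.net",
    "yahoo-verify.net",
    "verification-live.com",
    "myaccount-services.net",
}

# Lookalike heuristic (an assumption for this example, not from the posts):
# a registrable domain whose first label combines a brand word with an
# account-security bait word, the way the seized domains do.
BRAND_TOKENS = ("outlook", "yahoo", "microsoft", "live", "myaccount", "office")
BAIT_TOKENS = ("verify", "verification", "services", "login", "secure", "account")

# Domains the brands actually own (illustrative list); nothing under these is a lookalike.
LEGIT_DOMAINS = {"microsoft.com", "live.com", "outlook.com", "yahoo.com", "office.com"}

# Constructed resolver log format: "<timestamp> <client-ip> query <qname>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) query (?P<qname>\S+)$")


def normalize(qname):
    """Lower-case and strip the trailing dot that resolver logs often keep."""
    return qname.rstrip(".").lower()


def registrable(domain):
    """Crude eTLD+1: the last two labels. Adequate for the .com/.net IoCs here."""
    parts = domain.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else domain


def is_lookalike(domain):
    """True when the registrable label mixes a brand word with a bait word."""
    reg = registrable(domain)
    if reg in LEGIT_DOMAINS:
        return False
    label = reg.split(".")[0]
    has_brand = any(tok in label for tok in BRAND_TOKENS)
    has_bait = any(tok in label for tok in BAIT_TOKENS)
    return has_brand and has_bait


def classify(qname):
    """'ioc' for a seized domain or any subdomain of one, 'lookalike' for the heuristic, else 'benign'."""
    domain = normalize(qname)
    if registrable(domain) in SEIZED_PHOSPHORUS_DOMAINS:
        return "ioc"
    if is_lookalike(domain):
        return "lookalike"
    return "benign"


def scan(lines):
    """Return (client, domain, verdict) for every non-benign query; unparsable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        verdict = classify(m["qname"])
        if verdict != "benign":
            hits.append((m["client"], normalize(m["qname"]), verdict))
    return hits


def clients_to_triage(hits):
    """Distinct clients that resolved a seized domain: hosts whose users may have entered credentials."""
    return sorted({client for client, _, verdict in hits if verdict == "ioc"})


# Constructed sample resolver log, not real traffic.
SAMPLE_LOG = [
    "2019-03-28T10:01:02Z 10.0.0.15 query login.microsoftonline.com.",
    "2019-03-28T10:01:09Z 10.0.0.15 query outlook-verify.net.",
    "2019-03-28T10:02:31Z 10.0.0.22 query mail.yahoo.com.",
    "2019-03-28T10:02:40Z 10.0.0.22 query www.yahoo-verify.net.",
    "2019-03-28T10:03:05Z 10.0.0.31 query office365-secure-login.com.",
    "2019-03-28T10:03:10Z 10.0.0.31 query accounts.google.com.",
    "malformed line that should be ignored",
]

if __name__ == "__main__":
    for client, domain, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:9} {client:10} {domain}")
    print("triage:", clients_to_triage(scan(SAMPLE_LOG)))
```

The IoC match is exact and worth acting on; the substring heuristic will flag legitimate domains and belongs in a triage queue, not a block list. Historical hits matter most: after the seizure the four domains resolve to Microsoft's sinkhole, so new traffic is already being captured there, but a client that resolved them before the takeover may be a host whose user typed a password into the phishing form.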


Whack-a-Mole at work.  Same applies to hacker sites as to pirate sites.  Take one down and a hundred appear in its place.
