Microsoft’s Digital Crimes Unit (DCU) announced that it has taken legal action to disrupt a spear-phishing operation attributed to Bohrium, an Iran-linked APT group. The IT giant has seized the domains that the threat actors employed in attacks aimed at organizations in the tech, transportation, government, and education sectors located in the U.S., the Middle East, and India.
Microsoft seized 41 websites, including “.com,” “.info,” “.live,” “.me,” “.net,” “.org,” and “.xyz” domains that were employed in the attacks.
The APT group created fake social media profiles, often posing as recruiters, and used them to trick targets into handing over personal information. Once they had obtained this information from the victims, Bohrium sent them phishing emails containing links which, once clicked, started the infection process on the targets’ computers.
The threat actors’ spear-phishing attacks were aimed at gathering intelligence on the targets.
Early this month, Microsoft announced that it had blocked a series of attacks targeting Israeli organizations conducted by a previously unknown Lebanon-based hacking group tracked as POLONIUM. POLONIUM has targeted or compromised more than 20 Israeli organizations and one intergovernmental organization with operations in Lebanon over the past three months. Since February, the attacks have targeted organizations in critical manufacturing, IT, and Israel’s defense industry.
(SecurityAffairs – hacking, Bohrium)