Microsoft Corp. said that it has taken control of 99 sites used by a malicious group attached to Iranian hackers who attacked targets such as government agencies and companies in order to steal confidential information.
The team, which Microsoft describes Phosphorus, but is also referred to as APT 35, Charming Kitten, and Ajax Security Team, utilized spear-phishing attacks launched from web sites made to seem as though they belong to firms like Microsoft and Yahoo, according to the post. The attacks convince users to click a link containing malicious software or make the user believe their accounts are compromised and then request them to re-enter safety credentials, which are then stolen by the group.
Court documents unsealed Wednesday to detail the job Microsoft’s Digital Crimes Unit has done to fend off the team, including a case filed at the US District Court for Washington, D.C., which resulted in an arrangement last week allowing Microsoft to seize control of the websites. Microsoft says it has been monitoring this group since 2013 and that it frequently targets government and business entities as well as journalists and advocacy groups which operate on Middle East problems. Microsoft’s Digital Crimes Unit and its other safety entities work to derail a range of safety hazards, such as similar action against the team Strontium, linked to the Russian army, and actions to safeguard elections in the U.S. and Europe.
Once it took control of those sites, Microsoft said it redirected traffic to a safety repository it runs in order to learn more about the group’s actions. That info will be utilized in Microsoft’s security products to better protect customers.
The company also said that it has worked closely with other tech businesses, especially Yahoo, in this case. Facebook Inc. said yesterday it has removed hundreds of webpages, accounts, and groups connected to Iran for impersonating political groups and media organizations in an attempt to influence political thought in nations around the world.