APD News
Microsoft sues to take control of domains involved in Iran hacking campaign

2019-03-27 16:44

Microsoft has won a restraining order in a U.S. court in order to take control of domains used by an Iranian hacker group.

The software and cloud giant applied to the court in order to take control of 99 websites used by the hacker group, known as Phosphorus or APT 35, in various hacking operations. The court granted the motion earlier this month, but the order was unsealed this week, said Microsoft’s consumer security chief Tom Burt in a blog post (Microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/).

The granted order allowed Microsoft to take control of the domains from the registrars and host the domains on Microsoft’s own servers, including “outlook-verify.net” and “yahoo-verify.net,” and redirect malicious traffic safely into a Microsoft-controlled sinkhole.

“Throughout the course of tracking Phosphorus, we’ve worked closely with a number of other technology companies, including Yahoo, to share threat information and jointly stop attacks,” said Burt. (TechCrunch and Yahoo are both owned by Verizon Media.)

The hacker group is believed to be linked to former U.S. Air Force counter-intelligence officer Monica Witt, who defected to Tehran in 2013 and is now wanted by the FBI for alleged espionage. The hackers have targeted academics and journalists with spearphishing campaigns that are designed to look like Yahoo and Google login pages but can defeat two-factor authentication.

It’s the latest legal action Microsoft has taken against a hacker group. Last year, the company filed a suit (Microsoft.com/on-the-issues/2018/08/20/we-are-taking-new-steps-against-broadening-threats-to-democracy/) against Strontium, known as APT 28 or “Fancy Bear” and associated with the Russian state intelligence agency, the GRU. It was one of a dozen actions over two years to take down fake websites used to trick targets into turning over their usernames and passwords.
