Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India.
The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs.
“Bohrium actors create fake social media profiles, often posing as recruiters,” said Amy Hogan-Burney, GM of Microsoft’s Digital Crimes Unit. “Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target’s computers with malware.”
At the end of May, a federal district court in eastern Virginia granted Microsoft an emergency temporary restraining order; this allowed the corporation to dismantle Bohrium’s infrastructure by demanding that US domain registries, such as Verisign and Donuts, transfer the domain names into Microsoft’s control. It looks as though that seizure has completed, as domains such as microsoftsync[dot]org named by Microsoft have been transferred to MarkMonitor on behalf of Redmond.
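The seized domain Microsoft named, microsoftsync[dot]org, is a typical brand-lookalike: a hostname that carries a trusted brand token but is not registered to that brand. The following is an added example (not code from the article, Microsoft, or the court filings) of the kind of mail-filter or SOC check a defender can run over inbound messages to surface such links. The protected brand list, the allowlist of legitimate registrable domains, and the sample recruiter e-mail are all constructed assumptions for this example; the registrable-domain logic is a deliberately simple offline approximation (last two labels) rather than a Public Suffix List lookup.

```python
import re

# Assumptions constructed for this example (not from the article): the brand
# tokens we protect and the registrable domains legitimately allowed to carry them.
PROTECTED_BRANDS = ("microsoft",)
ALLOWED_DOMAINS = {"microsoft.com", "live.com", "office.com"}

# Matches live (http/https) and defanged (hxxp/hxxps) links, capturing the host part.
URL_RE = re.compile(r"\b(?:https?|hxxps?)://([^\s/\"'<>]+)", re.IGNORECASE)


def refang(host: str) -> str:
    """Turn a defanged indicator such as microsoftsync[dot]org back into a hostname."""
    host = host.lower()
    for token in ("[dot]", "[.]", "(dot)"):
        host = host.replace(token, ".")
    host = host.split("@")[-1].split(":")[0]  # drop any userinfo and port
    return host.strip(".")


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Offline approximation; a production filter
    would consult the Public Suffix List so that e.g. example.co.uk is handled."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def is_brand_lookalike(host: str) -> bool:
    """True when the full hostname carries a protected brand token but the
    registrable domain is not on the allowlist. This catches both
    microsoftsync.org and login.microsoft.com.evil-example.net, because the
    brand token is searched in the whole host while the allowlist is checked
    against the registrable part only."""
    host = refang(host)
    if registrable_domain(host) in ALLOWED_DOMAINS:
        return False
    return any(brand in host for brand in PROTECTED_BRANDS)


def flag_links(text: str) -> list[str]:
    """Return the refanged hostnames of every link in text that impersonates a brand,
    in order of first appearance and without duplicates."""
    flagged = []
    for match in URL_RE.finditer(text):
        host = refang(match.group(1))
        if is_brand_lookalike(host) and host not in flagged:
            flagged.append(host)
    return flagged


# Constructed sample message in the fake-recruiter style the article describes.
SAMPLE_EMAIL = """Hi,

I lead talent acquisition for a cloud engineering team and your profile stood out.
You can read about the team at https://www.microsoft.com/careers
To start the screening, please complete the form at hxxps://microsoftsync[dot]org/apply
and sign in once at https://login.microsoft.com.evil-example.net/sso to verify your identity.

Best regards,
The recruiting team
"""

if __name__ == "__main__":
    for host in flag_links(SAMPLE_EMAIL):
        print("brand-lookalike link:", host)
```

Run as a script, the sample flags the two impersonating hosts and leaves the genuine microsoft.com careers link alone. In a real pipeline the allowlist would be maintained per protected brand and the substring match would be widened to cover homoglyph and hyphenated variants, but the split between "brand token anywhere in the host" and "registrable domain on the allowlist" is the part worth keeping.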
Microsoft claimed the miscreants used the web domains to commit computer fraud, steal account users’ credentials, and infringe on Microsoft’s trademarks, according to court filings [PDF] Hogan-Burney made public late last week:
Important work by the @Microsoft Digital Crimes Unit to share today. Our team has taken legal action to disrupt a spear-phishing operation linked to Bohrium, a threat