Microsoft announced this week that it was granted a court order giving it control of 99 websites tied to an Iranian hacker group.
“Microsoft’s Digital Crimes Unit has executed work to disrupt cyberattacks from a threat group we call Phosphorus which is widely associated with Iranian hackers,” Microsoft corporate vice president Tom Burt writes in a new post to the Microsoft on the Issues blog. “Our court case against Phosphorus resulted in a court order enabling us last week to take control of 99 websites the group uses to conduct its hacking operations so the sites can no longer be used to execute attacks.”
Phosphorus is also known as APT 35, Charming Kitten, and the Ajax Security Team, and Microsoft has been tracking it since 2013. The group is known to have infiltrated the computer systems of activists, journalists, businesses, and governments and stolen information.
The group also uses human engineering tricks to fool its victims.
“Phosphorus typically attempts to compromise the personal accounts of individuals through a technique known as spear-phishing, using social engineering to entice someone to click on a link, sometimes sent through fake social media accounts that appear to belong to friendly contacts,” Burt continues. “Phosphorus also uses a technique whereby it sends people an email that makes it seem as if there’s a security risk to their accounts, prompting them to enter their credentials into a web form that enables the group to capture their passwords and gain access to their systems.”
Microsoft credits other technology firms, including Yahoo and various domain listing companies, for partnering with it on its investigation of Phosphorus. Techcrunch reports that former U.S. Air Force counter-intelligence officer Monica Witt, who defected to Iran in 2013 and is now wanted by the FBI for alleged espionage, is tied to Phosphorus.
Tagged with Security