Tech giant Microsoft has obtained permission from a US court to seize nearly four dozen domains belonging to a group of cyber criminals operating from Iran and engaged in phishing attacks against organizations located in the US, the Middle East, and India.
According to media reports, the cyber gang has been identified as “Bohrium”, which especially targeted those working in the technology, transportation, government, and education sectors on the pretext of being job recruiters.
The gang members would pretend to be job recruiters to lure marks into running malware on their personal computers, according to the Microsoft Digital Crimes Unit.
“Bohrium actors create fake social media profiles, often posing as recruiters,” said Amy Hogan-Burney, GM of Microsoft’s Digital Crimes Unit, according to the report.
“Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target’s computers with malware,” the official said.
At the end of May, Microsoft was granted an emergency temporary restraining order by a federal district court in eastern Virginia that allowed the tech giant to dismantle Bohrium’s infrastructure by demanding that US domain registries, such as Verisign and Donuts, transfer the domain names into Microsoft’s control, the media reports stated.
“Microsoft claimed the miscreants used the web domains to commit computer fraud, steal account users’ credentials, and infringe on Microsoft’s trademarks, according to court filings Hogan-Burney made public late last week,” it added.
The cyber criminals had not only misused Microsoft’s trademarks in their phishing campaign to dupe people into sharing their credentials for personal computers but had also compromised the computers run by the company’s customers.
“The crew also used the domains to set up command-and-control servers to manage malware installed on those computers,” the report noted.
The court filing in the case mentioned that Bohrium “corrupted” Microsoft’s applications on victims’ computers and Microsoft’s servers, thereby using them “to monitor the activities of users and steal information” from them.
Earlier, Microsoft had obtained a similar order from a court in Georgia to take down the infrastructure of another gang of cyber criminals who had attacked customers of the Windows maker.
The tech behemoth had taken down 65 domains of a criminal botnet gang to check its remote-control malware and, prior to that, had taken out seven domains controlled by Strontium, believed to be run by Russia’s foreign military intelligence agency GRU.