Microsoft has announced that it has seized some key websites that Iranian hackers used for stealing sensitive information from unsuspecting users in the US as well as launching cyber attacks.
Reportedly, Microsoft has seized 99 websites belonging to an Iranian hacker group that is known by many names, including Phosphorus, Charming Kitten and APT 35. The company claims that it has been monitoring the group since 2013. During this time, Microsoft observed the Iranian hackers spying on people from diverse sectors, including politicians, activists, defense industry personnel and journalists, mainly located in the Middle East.
The purpose behind seizing these websites is to prevent hackers from launching cyber attacks in the future and also to understand how they used to compromise devices. Their US targets were located in Washington and the group chose to target the email accounts of people employed both in private and public sectors such as the Treasury Department. There wasn’t any immediate reaction received from the US Treasury Department. It is worth noting that this is the same department that’s responsible for administering economic sanctions against Iran.
It is also being reported that Microsoft gained control of the 99 websites after the company sued the hackers in a US District Court in Washington. The company alleged that the hackers damaged the company’s brand name and its trademark value by impersonating its products to target users through a technique known as spear phishing.
During the lawsuit, a temporary restraining order was issued in mid-March by Judge Amy B. Jackson that allowed Microsoft to take control of the websites used by the hackers. According to the filing, the Iranian hackers mimicked the language and appearance of various Microsoft products, including Hotmail, LinkedIn, Outlook and OneDrive.
By seizing the websites, Microsoft could set up a sinkhole to monitor the traffic without alerting the hackers. However, it is also claimed that despite hackers being linked to Iran, there is no evidence that they have the backing of the government. Furthermore, the Iranian government has also categorically rejected its involvement in compromising Microsoft’s products to launch spear-phishing attacks.
In a blog post, Tom Burt – Corporate Vice President, Customer Security & Trust said that:
“While we’ve used daily security analytics tracking to stop individual Phosphorus attacks and notify impacted customers, the action we executed last week enabled us to take control of websites that are core to its operations.”
While addressing the event Monique Becenti, channel and product specialist at SiteLock cited the tactics used by Microsoft and said that:
“Microsoft’s decision to seize the websites also raises another question — Is this an abuse of power? If this were any other tech company would the judge grant the same response? This could lead us down a slippery slope road and the potential consequences of big tech overreach are hard to overstate.”
Spear phishing is a method of luring victims into handing over their private and sensitive data. Hackers usually target employees at a particular institution and send emails or social media links that claim to come from personnel at reputed institutions and government agencies. When the victim clicks on the link, malware gets installed on their computer, and through it the hackers are able to attack the institution’s systems.
Regarding the Phosphorus group, SecureWorks’ security researcher Allison Wikoff stated that it is among the most “active” threat groups in Iran and Microsoft has secured a huge edge over the hackers by seizing 99 websites used by the group.
Microsoft explained in the court documents that the hackers used fake domain names resembling Microsoft’s domain names as well as the names of popular brands and also created fake social media profiles for targeting people. Microsoft claims that it was damaging for the company and that’s why it sued the hackers.
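The brand-impersonation pattern the court documents describe (fake domains resembling Microsoft product names) is something a defender can screen for in newly registered domains or proxy logs. The following is an added example, not code from the article or from Microsoft; the brand list is taken from the products the article names, and the sample domains are constructed placeholders, not the seized domains.

```python
# Lookalike-domain screen: flags registrable labels that embed a brand name
# or sit within a small edit distance of one (typo/homoglyph squats).
# Brands are those the article mentions; thresholds are assumptions.
BRANDS = ["microsoft", "hotmail", "linkedin", "outlook", "onedrive"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Second-level label: 'www.outlook-login.example' -> 'outlook-login'.
    Naive public-suffix handling, assumed sufficient for this demo."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def lookalike_brand(domain: str, max_dist: int = 2):
    """Return the brand a domain appears to imitate, or None.
    Exact brand labels count as legitimate; a real deployment would also
    allowlist the brand owner's other legitimate domains."""
    label = registrable_label(domain)
    if label in BRANDS:
        return None
    for brand in BRANDS:
        if brand in label or levenshtein(label, brand) <= max_dist:
            return brand
    return None


# Constructed sample input (placeholders, not the domains in the case).
SAMPLE_DOMAINS = [
    "outlook-secure-login.example",   # brand embedded in label
    "linkedln.example",               # one-character typo squat
    "0nedrive.example",               # digit-for-letter homoglyph
    "outlook.example",                # exact brand label, treated as legitimate
    "example.example",                # unrelated
]

if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        print(f"{d:32} -> {lookalike_brand(d)}")
```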