Microsoft disrupts malicious campaign linked to cybercriminal group Bohrium

Microsoft said that its Digital Crimes Unit (DCU) has disrupted a malicious campaign linked to the cybercriminal group Bohrium. The threat actor, believed to be linked to Iran, targeted customers in the U.S., the Middle East, and India with spear-phishing messages. Bohrium's victims include a range of organizations in the technology, transportation, government, and education sectors.

According to Microsoft, the DCU has taken down 41 domains that the attackers used as command-and-control (C&C) infrastructure to deploy malware, which gave them access to the targeted systems and let them steal the data stored on them. Microsoft has not disclosed the full timeline of the spear-phishing operation, but some of the domains have been used to host and distribute malware payloads since 2017.

Bohrium is known for posing as recruiters. The group created fake social media accounts to identify potential victims, collected personal information about them, and then sent phishing emails containing links that ultimately infected the victims' systems with malware.

To take Bohrium's domains down, Microsoft filed a lawsuit against unknown parties "controlling a computer network and thereby injuring plaintiff and its customers".

Microsoft has previously filed a series of lawsuits targeting malicious infrastructure used in attacks against its customers worldwide. For example, the company has seized servers used by the Chinese state-sponsored group APT15, Russia's Fancy Bear, Iran's APT35, and North Korea's Thallium. In total, Microsoft has filed 24 such lawsuits, including five against nation-state actors.