A total of 99 domains now direct to a sinkhole

Mar 28, 2019 10:18 GMT

Microsoft has recently revealed that it managed to take control of a total of 99 domains that were previously used by a hacking group called Phosphorus.

The company says the group, which is also known as APT35, Charming Kitten, NewsBeef, and Newscaster, used the domains to launch attacks against a series of high-profile targets, such as computers belonging to businesses and government agencies.

Activists and journalists covering issues related to the Middle East have often been targeted by Phosphorus, Microsoft notes.

“Phosphorus typically attempts to compromise the personal accounts of individuals through a technique known as spear-phishing, using social engineering to entice someone to click on a link, sometimes sent through fake social media accounts that appear to belong to friendly contacts. The link contains malicious software that enables Phosphorus to access computer systems,” the company states.

Similar strategy also used against Strontium

The domains, which Microsoft obtained through a court order and which now point to a Microsoft Digital Crimes Unit sinkhole, mimic addresses that belong to Microsoft and Yahoo, such as outlook-verify.net, yahoo-verify.net, verification-live.com, and myaccount-services.net.
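As an added example (not code from the article or from Microsoft), a short Python triage script that checks a constructed resolver log for the four sinkholed domains named above and for the same brand-plus-"verify" naming pattern; the allow-list of legitimate sign-in domains and the log line format are assumptions.

```python
# The four lookalike domains the article names as now pointing to the sinkhole.
SINKHOLED_DOMAINS = {"outlook-verify.net", "yahoo-verify.net",
                     "verification-live.com", "myaccount-services.net"}

# Brand words the lookalikes borrow, the registrable domains those brands really
# use for sign-in (assumption: a short allow-list, extend it for your environment),
# and the account-themed words that make a lure look official.
BRAND_WORDS = ("outlook", "yahoo", "live", "microsoft", "myaccount")
LEGIT_DOMAINS = {"outlook.com", "live.com", "yahoo.com", "microsoft.com",
                 "microsoftonline.com", "office.com"}
LURE_WORDS = ("verify", "verification", "services", "account", "login", "signin")

def registrable_domain(host):
    """Last two labels of a hostname; fine for .com/.net, use the public suffix list in production."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def classify(host):
    """'sinkholed' for a named domain, 'lookalike' for brand+lure outside the allow-list, else 'ok'."""
    rd = registrable_domain(host)
    if rd in SINKHOLED_DOMAINS:
        return "sinkholed"
    if rd in LEGIT_DOMAINS:
        return "ok"
    if any(b in rd for b in BRAND_WORDS) and any(w in rd for w in LURE_WORDS):
        return "lookalike"  # heuristic: short words such as "live" can misfire
    return "ok"

def scan_dns_log(lines):
    """Return (client, qname, verdict) for every query that is not 'ok'.
    Expected line shape (constructed): '<timestamp> <client> <qtype> <qname>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines instead of crashing on them
        client, qname = parts[1], parts[3]
        verdict = classify(qname)
        if verdict != "ok":
            hits.append((client, qname, verdict))
    return hits

# Constructed sample resolver log, not real traffic.
SAMPLE_LOG = [
    "2019-03-27T09:12:01Z 10.0.0.12 A login.live.com",
    "2019-03-27T09:12:07Z 10.0.0.12 A outlook-verify.net",
    "2019-03-27T09:13:44Z 10.0.0.31 A yahoo-verification.com",
    "2019-03-27T09:14:02Z 10.0.0.31 A www.example.org",
]
```

A "sinkholed" hit is a host that resolved a Phosphorus domain and should be triaged as a likely phishing click; "lookalike" hits are a heuristic and need a human look before any action.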

Microsoft has been tracking the Iranian hacking group since 2013, and the company explains that it is now using the domains to collect intelligence that will then be fed into its security products.

“The intelligence we collect from this sinkhole will be added to MSTIC’s existing knowledge of Phosphorus and shared with Microsoft security products and services to improve detections and protections for our customers,” Tom Burt, Corporate Vice President, Customer Security & Trust, says.

Microsoft says that its investigation in this case involved collaboration with Yahoo and with domain listing companies in order to obtain information that helped it take over the domains.

The software giant notes that it used a similar approach against the Russian-linked group Strontium, when the company took control of 91 fake websites that the hackers were using in their attacks.