Microsoft's Digital Crimes Unit (DCU) has identified and blocked a spear-phishing operation run by Bohrium, a threat actor linked to Iran, targeting customers in the U.S., Middle East, and India.
Microsoft has taken down 41 domains used in this campaign to establish command-and-control (C2) infrastructure, which enabled the attackers to deploy malicious tools designed to gain access to targets' devices and exfiltrate stolen information from compromised systems.
Threat actors have been intentionally accessing and sending malicious software, code, and instructions to the protected computers, operating systems, and computer networks of Microsoft and the customers of Microsoft, without authorization, Microsoft said in a statement.
Though the full timeline is unknown, the domains taken down by Microsoft were in use as far back as 2017 for hosting malicious content.
This action is part of a long series of lawsuits targeting malicious infrastructure used in attacks against Microsoft customers worldwide.
To date, in 24 lawsuits (five against nation-state actors) Microsoft has taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors.