Microsoft Removes Iranian Domains Linked to Cyber-attacks

Iran: In an attempt to combat ongoing cyber-attacks, Microsoft has sued to take control of domains known to be used by Iranian hackers. The domains are being hosted on Microsoft servers and used in common spear-phishing attacks around the world. Microsoft's end plan is to control the domains so that their traffic is redirected to a sinkhole operated by Microsoft, preventing the attackers from stealing any information.

The group APT 35, also known as Phosphorus, Charming Kitten, and other names, has been carrying out attacks for years, using phishing emails to obtain credentials from unknowing victims. The spear-phishing attacks that APT 35 typically carries out tend to use the names and logos of big brands to trick users into thinking they are giving their credentials to a real company. Microsoft stated that the evidence behind its legal action took years to compile and prove, but as a result, domains such as "outlook-verify.net" and "yahoo-verify.net," which used to be common credential-harvesting domains, are now controlled by Microsoft.

This action cannot stop the group from targeting individuals, but until APT 35 finds new domains and stops cycling through the ones that Microsoft now controls, it will not be able to gain any of the credentials it is trying to steal. APT 35 will need to find new domains to continue carrying out attacks, but there is no time frame on how long it will take them to develop a new technique.