Microsoft is suing to take control of domains involved in a hacking campaign. The campaign, which took place in Iran, involved 99 websites used by the hacker group.
The software giant won a restraining order in a United States court. It applied to the court to take control of the websites used by the hacker group. The group, known as Phosphorus or APT 35, used the websites in various hacking operations.
The US court granted the motion earlier in March 2019. However, according to Microsoft’s security head, Tom Burt, they unsealed the motion last week.
The court order will let Microsoft take control of the domains from the hackers and host them on its own servers. Malicious traffic will also be redirected safely to Microsoft-controlled infrastructure. The domains include “outlook-verify.net” and “yahoo-verify.net”.
Burt confirmed that Microsoft had worked closely with other technology companies like Yahoo to share information and stop attacks. He said they did this while “tracking Phosphorus”.
The group that carried out the hacking has been linked to former US Air Force counter-intelligence officer Monica Witt, who defected to Iran in 2013. Witt is wanted by the FBI for spying activities. The hackers had targeted academics and journalists with spear-phishing campaigns, which they designed to look like Yahoo and Google login pages.
In 2018, Microsoft had also filed legal actions against Strontium. The hacker group, also known as “Fancy Bear”, was associated with the Russian state intelligence agency.
These actions are part of Microsoft’s moves to take down fake websites. Most of them trick targets into revealing their usernames and passwords.