Microsoft Takes on Another Hacking Group, This One With Links to Iran

Microsoft says court order has given it control of 99 web sites linked to group it calls Phosphorus

Dina Bass

28 Mar 2019, 10:32 AM IST

Microsoft Takes on Another Hacking Group, This One With Links to Iran

Employees stands at the reception area of the Microsoft Corp. Office and Experience Center during a media event for the opening of the workspace in Hong Kong, China. (Photographer: Billy H.C. Kwok/Bloomberg)

(Bloomberg) -- Microsoft Corp. said that it has taken control of 99 web sites used by a malicious group connected to Iranian hackers who attacked targets including government agencies and businesses in order to steal confidential information.

The group, which Microsoft refers to as Phosphorus, but is also known as APT 35, Charming Kitten, and Ajax Security Team, used spear-phishing attacks launched from web sites made to look like they belong to companies like Microsoft and Yahoo, according to the post. The attacks convince users to click on a link containing malicious software or make the user believe their accounts have been compromised and then ask them to re-enter security credentials, which are then stolen by the group.

Court documents unsealed Wednesday detail the work Microsoft’s Digital Crimes Unit has done to fend off the group, including a case filed in the U.S. District Court for Washington, D.C., that resulted in an order last week enabling Microsoft to take control of the sites. Microsoft says it has been tracking this group since 2013 and that it frequently targets government and business entities as well as journalists and advocacy groups that work on Middle East issues. Microsoft’s Digital Crimes Unit, and its other security entities, work to derail an array of security threats, including similar action against the group Strontium, linked to the Russian military, and actions to protect elections in the U.S. and Europe.

Once it took control of the sites, Microsoft said it redirected traffic to a security repository it runs in order to learn more about the group’s activities. That information will be used in Microsoft’s security products to better protect customers.

The company also said it has worked closely with other technology companies, especially Yahoo, on this case. Facebook Inc. said yesterday that it has removed hundreds of pages, groups and accounts connected to Iran for impersonating political groups and media organizations in an attempt to influence political thought in countries around the world.