Prevention is better than cure, they say. Thanks to the Microsoft Digital Crimes Unit (DCU) for disrupting a spear-phishing operation run by an Iranian threat actor named Bohrium. The phishing operation targeted customers in the United States, the Middle East, and India.
 

Who were the prime targets?

According to Amy Hogan-Burney, General Manager of Microsoft DCU, Bohrium targeted organizations from a range of sectors, including technology, transportation, government, and education.
  • Microsoft DCU has taken down 41 domains that the campaign used to establish its command-and-control infrastructure.
  • Based on evidence provided in court filings, the hackers have been sending malicious software, code, and instructions to Microsoft's protected computers, operating systems, and computer networks, without the consent of its customers.
  • Although Microsoft didn't provide a chronology for the spear-phishing operation, it has since come to light that some of the domains taken down had been used to host and distribute malware payloads since 2017.

The modus operandi

  • Bohrium actors often create fake social media profiles, typically posing as recruiters.
  • Once personal information had been obtained from the victims, Bohrium sent malicious emails with links that ultimately infected the targets' computers with malware.

Closing lines

The war against spear-phishing operations is far from over. A small battle might have been won by Microsoft, but the ones behind these malicious attacks will be back again. Companies need to stay vigilant to keep themselves and their data secure.
Cyware Publisher