Microsoft seizes 99 Iranian hacker domains

Recently, certain court documents have surfaced that indicate the battle that Microsoft has been fighting with Iranian government-sponsored hackers. A total of 99 of their domains are now under the company’s control.

In legal terms, Microsoft obtained a court order allowing them to seize control of 99 web domains previously operated by Iranian hackers. In cybersecurity circles, the hacker group uses the following aliases:

– Charming Kitten

– Phosphorous

– APT35

– Ajax Security Team

These domains were used in spear-phishing campaigns targeting users in the US and around the world.

To come off as legitimate, the hacking group included brand names of various large enterprises in their domain name registrations, including those belonging to Microsoft and Yahoo. Speaking from the position of an authority is an age-old tactic for convincing unsuspecting victims to hand over their login credentials.

According to Microsoft, the domain registrars were very cooperative and did not hesitate to hand them over as soon as the company had obtained a court order.

This is a known practice when someone infringes on a company’s trademarks and copyrights. In recent years, however, Microsoft has been using the same tactic to make a stand against hacker groups.

As it so happens, this isn’t the first time Microsoft has resorted to such measures to seize control of domains from government-backed espionage groups. During the summer of 2018, Microsoft was able to take down several domains operated by APT28, a Russian cyber-espionage group that also goes by the names of Strontium and Fancy Bear.