Microsoft seizes multiple domains to stall APT35 threat group

• Over 99 domains were seized by Microsoft’s Digital Crimes Unit to halt cyberattacks by this threat group.
• APT35, also known as Phosphorous, primarily used spearphishing for its operations.

Microsoft has taken control of 99 domains that were used by the notorious APT35 group. The tech giant made use of a court order issued against the group to seize these domains.

Microsoft’s Digital Crimes Unit (DCU) executed this operation yesterday. According to Tom Burt, Corporate VP - Customer Security & Trust at Microsoft, the company had led a court case against APT35 which resulted in the court order.

The big picture

• APT35 which is known by various other names such as Charming Kitten and Phosphorus, is an Iran-based threat group which operates mainly in the Middle East region.
• The group targets large businesses as well as governmental organizations. On top of this, it has been observed that APT35 was also zeroing in on persons reporting on social issues in the Middle East.
• Microsoft’s DCU and the Microsoft Threat Intelligence Center (MSTIC) was monitoring this threat group since 2013.
• APT35 deploys spearphishing in order to gain access to the victims’ computers. Another method involves users to believe a ‘security risk’ in their email accounts and then stealing their credentials once they enter them in a malicious web page.
• Some of the fake websites used by the site are outlook-verify[.]net, yahoo-verify[.]net, verification-live[.]com, and myaccount-services[.]net.

What other actions are being taken - Burt mentioned that traffic from devices affected by these domains was diverted using sinkholing to zero in on the malicious domains.

“The action we executed last week enabled us to take control of 99 websites and redirect traffic from infected devices to our Digital Crime Unit’s sinkhole. The intelligence we collect from this sinkhole will be added to MSTIC’s existing knowledge of Phosphorus and shared with Microsoft security products and services to improve detections and protections for our customers,” Burt wrote in a blog.

The extensive monitoring of the group has helped Microsoft to successfully retaliate against it on a wide scale.