BleepingComputer reports that the Microsoft Digital Crimes Unit has disrupted a spear-phishing operation by Iranian threat actor Bohrium that targeted organizations across different industries in the U.S., India, and the Middle East.
Microsoft has dismantled forty-one domains that Bohrium used to build command-and-control infrastructure for the campaign. In court filings, Microsoft noted that the Iranian attackers have been "intentionally accessing and sending malicious software, code, and instructions to the protected computers, operating systems, and computer networks of Microsoft and the customers of Microsoft, without authorization. ..."
According to Microsoft DCU General Manager Amy Hogan-Burney, Bohrium attackers use fraudulent social media profiles to impersonate recruiters, seeking to infect targets' devices with malware after securing their personal data.
Microsoft's takedown of Bohrium is part of the company's long-running campaign against threat actors targeting its customers around the world. Microsoft Corporate Vice President for Customer Security & Trust Tom Burt noted that over 10,000 malicious sites leveraged by cybercriminals and nearly 600 more used in nation-state threat operations were disrupted last December as a result of its actions.