Working under a court order Microsoft seized control of 99 websites allegedly controlled by the Iranian hacker group APT 35.Charming Kitten has been associated with Iran.Microsoft obtained clearance to take action against APT35 (aka
Phosphorus, Charming Kitten, Ajax Security Team) by the U.S. District Court for
Washington, D.C. after the company took legal action against the group. APT35
has been identified by the Microsoft Digital Crimes Unit and the Microsoft
Threat Intelligence Center as a threat actor since 2013 when the company began
tracking the group.“Our court case against Phosphorus, filed in the U.S.
District Court for Washington D.C., resulted in a court order enabling us last
week to take control of 99 websites the group uses to conduct its hacking
operations so the sites can no longer be used to execute attacks,” Microsoft said
in a statement.
After taking control of the 99 websites, Microsoft
redirected the traffic from the devices already infected to the Digital Crime
Unit’s sinkhole where the data will be studied to better improve upcoming security
products.APT35 is known for its spear phishing attacks and creating
fake social media accounts to tempt a target into clicking a specific link that
will lead to malware being injected into the target’s system. In the email
scenario the malicious actors pretend to be from a well-known brand name, like
Microsoft and Yahoo – which also helped with the case, saying there is a
security risk with their account then asking for their login credentials.“While we’ve used daily security analytics tracking to stop
individual Phosphorus attacks and notify impacted customers, the action we
executed last week enabled us to take control of websites that are core to its
operations. Our work to track Phosphorus over multiple years and observe its
activity enabled us to build a decisive legal case and execute last week’s
action with confidence we could have significant impact on the group’s
infrastructure,” the company said.Some of APT35’s recent activity includes being behind a
phishing campaign against American officials charged with enforcing economic
sanctions against Iran imposed on Iran by President Trump.The research firm Certfa in December 2018 discovered an open
server listing Gmail and Yahoo email addresses that the hackers had accessed. the Iranian hacking group targeted private
emails a handful of U.S.Treasury Department officials as well as others opposed
to and supportive of the Iran nuclear deal forged during the Obama
administration.This is the fifteenth time Microsoft has used this approach
to gain permission to grab criminal websites."The size of Microsoft's legal action in taking control of these domains is much larger than the company has taken in previous years against similar incidents. Cooperation among private sector corporate leaders like Microsoft and allied federal governments is important in cybersecurity. This is a positive step in demonstrating a strong and united front against nation state cyber threats," said Ryan Weaver, security researcher, DomainTools
WhatsApp's planned username feature, which allows users to communicate without revealing their phone numbers, has raised alarms in India, WhatsApp's largest market with over 850 million users.