Microsoft takes down websites used by Iranian hackers

Microsoft said Wednesday that it obtained a court order last week to seize and shut down websites used by Iranian hackers.

Tom Burt, Microsoft’s vice president for customer security and trust, said in a blog postthat the company had sued the hacking group — which goes by Phosphorus, APT 35 and Charming Kitten — over its targeting of Microsoft users.

The hackers have been known to target businesses, government agencies, activists and journalists “especially those involved in advocacy and reporting on issues related to the Middle East,” Burt wrote.

He added that the group uses spear-phishing attacks on its targets, tricking users into clicking a link that then distributes malware and gives hackers access to the user’s systems and networks.

The same technique was used in the 2016 hack of John Podesta, then the chairman of Democratic nominee Hillary Clinton’s presidential campaign.

The Iranian hackers also created fake websites that appear to belong to brands like Microsoft to trick users into providing their login information, according to Burt.

“While we’ve used daily security analytics tracking to stop individual Phosphorus attacks and notify impacted customers, the action we executed last week enabled us to take control of websites that are core to its operations,” he wrote. “Our work to track Phosphorus over multiple years and observe its activity enabled us to build a decisive legal case and execute last week’s action with confidence we could have significant impact on the group’s infrastructure.”