Microsoft said it seized 99 websites used by Iranian hackers to steal sensitive information and launch other cyberattacks.
The company said the group, which it has been tracking since 2013, has tried to snoop on activists, journalists, political dissidents, defense industry workers and others in the Middle East, including some who were “protesting oppressive regimes” in the region.
Hackers did so by tricking people in those organizations to click on malicious links disguised to resemble well-known brands, including Microsoft and its LinkedIn, Outlook and Windows products, Microsoft said in court filings.
Wednesday’s announcement tied the hackers to the country of Iran but not specifically to its government. A spokesman for Iran’s mission to the United Nations didn’t respond to an email and phone call seeking comment Wednesday. Iran has denied involvement in other hacking efforts identified by Microsoft.
Microsoft calls the hacking group Phosphorus, while others call it APT35 or Charming Kitten.
Allison Wikoff, a security researcher at Atlanta-based Secureworks, said it is one of the “more active Iranian threat groups” she has observed. She said Microsoft’s takedown was a big win using a practice known as “sinkholing,” which involves taking over adversary domains and analyzing their traffic to protect against future attacks.
Microsoft sued the hacking group in US District Court in Washington this month and described a hacking operation that “demonstrates skill, patience and access to resources.”
The hackers’ malicious software, according to the lawsuit, “effectively morphs the trusted, Microsoft-trademarked Windows system into a tool of deception and theft.”
Microsoft said the group typically tries to infiltrate a target’s personal accounts, not their work accounts, by luring them into clicking on a link to a compromised website or opening a malicious attachment.
Hackers, the company said, used fake domain names that resembled Microsoft and other well-known brands. They also created fake social media profiles to target people. Microsoft said hackers were damaging the company by breaking into its customers’ online accounts and computer networks.
US District Judge Amy Berman Jackson sided with the company in a March 15 ruling, arguing that there was good cause to believe the hacking activity was harming the company, its customers and the public. The documents were unsealed Wednesday.
Microsoft has taken hacking groups to court before. The Redmond, Washington, company used a similar strategy in 2016 to seize fake domains created by Russia-backed hackers who were later found to have been meddling in the US presidential election.
Microsoft: Seizure of sites Iranian hackers used for attacks
Microsoft: Seizure of sites Iranian hackers used for attacks
- The group has many names, like Phosphorus, APT35 and Charming Kitten
- They used malicious software disguised as trustworthy websites to access personal information of users
Semafor targets Gulf expansion after first profitable year
- Digital news brand generates $2m in earnings on $40m of revenue in 2025, and raises $30m in new financing
- Platform aims to be the ‘business and financial news brand of record for the Gulf,’ CEO says, and to ‘blanket the world’ within 2 years
DUBAI: Digital news platform Semafor generated $2 million in earnings in 2025 before interest, taxes, depreciation and amortization, on revenue of $40 million, marking its first year of profitability.
It also closed $30 million in new financing, which it plans to use to grow its editorial operations and live events business.
These achievements are particularly notable at a time when the global news industry is facing declining revenues and the erosion of audience trust, the company said.
Justin B. Smith, the company’s co-founder and CEO, told Arab News that Semafor’s model and approach is distinguished by several factors, which can be encapsulated by its vision of building a news product to “serve consumers that are increasingly not trusting news, but also designed with a business model that could deliver sustainable economic advantage.”
Following its first profitable year and armed with new funding, Semafor, founded in 2022, now plans an accelerated phase of global expansion with a focus on scaling editorial output and global convenings.
The company said it will broaden its publication schedule in the year ahead. Semafor Gulf and Semafor Business will become daily publications as the platform increases the frequency of its “first-read” services, which are daily briefings designed to showcase “front page” news and intended to serve as the “first read” for audiences, Smith said.
The Gulf edition of Semafor launched in September 2024, with former Dow Jones reporter Mohammed Sergie as editor. In 2025 Matthew Martin was appointed its Saudi Arabia bureau chief.
Semafor’s brand slogan is “intelligence for the new world economy” and “the Gulf is the epicenter of the new world economy,” Smith said. Currently, its Gulf operation employs eight journalists, based in the UAE and Saudi Arabia, and as it moves to a daily publishing schedule it plans to significantly bolster its editorial team, both in existing markets and new ones, such as Qatar.
Semafor is “obsessed with the business, financial and economic story” in the region and aims to become “the business and financial news brand of record for the Gulf,” Smith said.
In the US, Semafor DC, currently published daily, will move to a twice-a-day format in March. In addition, the company’s flagship annual Semafor World Economy platform in Washington will expand this year from a three-day event to five days, with extended programming. The event, in April, is expected to attract more than 400 global CEOs, more than double the number that took part in 2025.
In addition to the US and the Gulf, Semafor currently operates in Africa. It held its first event in the Gulf region last month, during Abu Dhabi Finance Week, and said it is now looking to grow its events footprint across the Gulf, and into Asia. It will launch a China edition next month, its first foray into Asia, and plans to launch in Europe in 2027, followed eventually by Latin America.
Within the next two years, Semafor aims to have “blanketed the whole world” and become a mature, global intelligence and news brand competing with the “greatest legacy business and financial news brands in the world,” Smith said.
“Our goal is to become the leading global intelligence and news company for the world, founded on independent, high-quality content and convenings,” he added.
