Microsoft said it seized 99 websites used by Iranian hackers to steal sensitive information and launch other cyberattacks.
The company said the group, which it has been tracking since 2013, has tried to snoop on activists, journalists, political dissidents, defense industry workers and others in the Middle East, including some who were “protesting oppressive regimes” in the region.
Hackers did so by tricking people in those organizations to click on malicious links disguised to resemble well-known brands, including Microsoft and its LinkedIn, Outlook and Windows products, Microsoft said in court filings.
Wednesday’s announcement tied the hackers to the country of Iran but not specifically to its government. A spokesman for Iran’s mission to the United Nations didn’t respond to an email and phone call seeking comment Wednesday. Iran has denied involvement in other hacking efforts identified by Microsoft.
Microsoft calls the hacking group Phosphorus, while others call it APT35 or Charming Kitten.
Allison Wikoff, a security researcher at Atlanta-based Secureworks, said it is one of the “more active Iranian threat groups” she has observed. She said Microsoft’s takedown was a big win using a practice known as “sinkholing,” which involves taking over adversary domains and analyzing their traffic to protect against future attacks.
Microsoft sued the hacking group in US District Court in Washington this month and described a hacking operation that “demonstrates skill, patience and access to resources.”
The hackers’ malicious software, according to the lawsuit, “effectively morphs the trusted, Microsoft-trademarked Windows system into a tool of deception and theft.”
Microsoft said the group typically tries to infiltrate a target’s personal accounts, not their work accounts, by luring them into clicking on a link to a compromised website or opening a malicious attachment.
Hackers, the company said, used fake domain names that resembled Microsoft and other well-known brands. They also created fake social media profiles to target people. Microsoft said hackers were damaging the company by breaking into its customers’ online accounts and computer networks.
US District Judge Amy Berman Jackson sided with the company in a March 15 ruling, arguing that there was good cause to believe the hacking activity was harming the company, its customers and the public. The documents were unsealed Wednesday.
Microsoft has taken hacking groups to court before. The Redmond, Washington, company used a similar strategy in 2016 to seize fake domains created by Russia-backed hackers who were later found to have been meddling in the US presidential election.
Microsoft: Seizure of sites Iranian hackers used for attacks
Microsoft: Seizure of sites Iranian hackers used for attacks
- The group has many names, like Phosphorus, APT35 and Charming Kitten
- They used malicious software disguised as trustworthy websites to access personal information of users
Media watchdogs condemn Israeli airstrike that killed 3 journalists in Gaza, call for investigation
- International Press Institute, Committee to Protect Journalists and Reporters Without Borders among organizations demanding urgent action
DUBAI: Media watchdogs including the International Press Institute, the Committee to Protect Journalists and Reporters Without Borders have spoken out against Israel’s treatment of media workers following an airstrike that killed 3 journalists in Gaza on Wednesday.
Those killed were Mohammed Salah Qashta, Abdul Raouf Shaat and Anas Ghneim.
The Israeli military said the attack targeted what it had identified as “several suspects” operating a drone and “affiliated with Hamas.”
According to eyewitnesses, the journalists were using a drone to record aid distribution by the Egyptian Relief Committee when the strike hit one of the committee’s vehicles.
The IPI called for an “immediate and credible investigation” and renewed pressure on the international community to take “concrete actions” to hold Israel accountable.
IPI executive director Scott Griffen said the Israeli government has “failed to credibly investigate attacks on journalists” and that the “international community has failed to hold Israel to account for its pattern of targeting and killing journalists.”
He urged strong action, saying that “it is long past time for the international community to take concrete steps to end the cycle of complete impunity for killings of journalists in Gaza.”
The International Federation of Journalists and the Palestinian Journalists Syndicate also condemned the killings and attacks on journalists, calling for an immediate investigation.
The IFJ appealed to all “combatants in this conflict to do their utmost to safeguard journalists and media professionals,” said IFJ general secretary Anthony Bellanger.
“Media workers in areas of armed conflict must be treated and protected as civilians and allowed to perform their work without interference,” he added.
The PJS said that the direct shelling of the journalists’ vehicle constitutes a war crime and a crime against humanity under international humanitarian law, in violation of the Geneva Conventions and UN resolutions that guarantee the protection of journalists during armed conflicts.
The syndicate called on the International Criminal Court to open “urgent and serious investigations” and to “issue arrest warrants against those responsible for the killing of journalists.”
It also urged the UN and other international organizations to take action “rather than limiting their response to statements of condemnation.”
The CPJ condemned the strike, which took place amid a ceasefire, said regional director Sara Qudah.
“Israel, which possesses advanced technology capable of identifying its targets, has an obligation under international law to protect journalists,” she said.
On Thursday, CPJ and RSF called on the 29 member states of the Media Freedom Coalition, in a joint letter, to take concrete steps toward guaranteeing media access to the Gaza Strip.
The move comes ahead of the Israeli Supreme Court hearing on Jan. 26 that will determine whether the press will have independent access to Gaza.
The signatories asked governments to send official representatives to the Jan. 26 hearing and to prioritize press freedom in their engagement with the new technocratic government, formed under a US-backed plan to govern Gaza.
They also urged states to ensure that the International Stabilization Force applies UN Security Council Resolution 2222, which recognizes journalists as civilians during armed conflict and affirms their right to protection and access.
“The inaction of states around the world encourages censorship and sets a dangerous precedent for other conflicts, to the detriment of civilian populations, humanitarian aid and political decisions based on verified facts,” said RSF director general Thibaut Bruttin.
More than 200 Palestinian journalists and media workers have been killed since the start of the war in October 2023, according to multiple reports.
