Microsoft said it received a court order to take over 99 websites used by a group associated with Iranian hackers to steal sensitive information from journalists, activists, government organizations and businesses.
The tech giant’s Digital Crime Unit and Threat Intelligence Center have battled hackers around the globe for years. Microsoft said it has been tracking this group since 2013. Microsoft calls the group Phosphorus; it is also known as APT 35, Charming Kitten, and Ajax Security Team.
Phosphorus uses spear-phishing, a means of enticing individuals to click on malicious links, to access computer systems. The group also sends emails warning of security threats to get users to fork over their passwords.
Microsoft filed a request under seal in U.S. District Court in Washington, D.C. earlier this month to take over the websites. The documents were unsealed today, and Microsoft said in a blog post that it got the court order to seize the websites last week.
Microsoft said it has spent years building a case against Phosphorus. In the past, the company has used security analytics to stop individual attacks from Phosphorus and notified customers, and Microsoft hopes seizing the websites will cripple the group’s infrastructure.
The attackers employed websites that use names of well-known brands, including Microsoft. After seizing the sites, which include outlook-verify.net, yahoo-verify.net, verification-live.com, and myaccount-services.net, Microsoft will “redirect traffic from infected devices to our Digital Crime Unit’s sinkhole.”
Microsoft said it has worked with other big tech firms in its tracking of Phosphorus, specifically calling out Yahoo as a partner. It teamed up with domain listing companies prior to filing court documents to make the website takeover transition a smooth one.