Slashdot Mirror


Microsoft Takes Control of 99 Domains Operated By Iranian State Hackers (zdnet.com)

An anonymous reader quotes a report from ZDNet: Court documents unsealed today revealed that Microsoft has been waging a secret battle against a group of Iranian government-sponsored hackers. The OS maker sued and won a restraining order that allowed it to take control of 99 web domains that had been previously owned and operated by a group of Iranian hackers known in cyber-security circles as APT35, Phosphorus, Charming Kitten, and the Ajax Security Team. The domains had been used as part of spear-phishing campaigns aimed at users in the US and across the world.

APT35 hackers had registered these domains to incorporate the names of well-known brands, such as Microsoft, Yahoo, and others. The domains were then used to collect login credentials for users the group had tricked into accessing their sites. The tactic is decades old but is still extremely successful at tricking users into unwittingly disclosing usernames and passwords, even today. Some of the domains Microsoft has confiscated include the likes of outlook-verify.net, yahoo-verify.net, verification-live.com, and myaccount-services.net. Microsoft said it received substantial support from the domain registrars, which transferred the domains over to Microsoft as soon as the company obtained a court order.
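Added example (not part of the ZDNet report or the Slashdot post): a defender-side check that flags hostnames in resolver logs which embed a brand name outside that brand's own domains, run over the four seized domains quoted above. The brand map, lure-word list, log format and the two-label registrable-domain shortcut are assumptions; production use needs the Public Suffix List and a fuller brand inventory.

```python
import re

# Assumption: brand token -> registrable domains that brand really uses (illustrative only).
BRANDS = {
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "outlook": {"outlook.com"},
    "live": {"live.com"},
    "yahoo": {"yahoo.com"},
}
OWNED = set().union(*BRANDS.values())
# Assumption: words that commonly pad credential-lure hostnames.
LURE_WORDS = {"verify", "verification", "account", "myaccount", "login", "services"}


def registrable(host):
    """Naive registrable domain: the last two labels (no Public Suffix List)."""
    return ".".join(host.split(".")[-2:])


def classify(hostname):
    """Return (verdict, evidence) for one hostname."""
    host = hostname.strip().lower().rstrip(".")
    if registrable(host) in OWNED:
        return ("brand-owned", [])
    name = host.rsplit(".", 1)[0]  # drop the TLD, keep every other label
    tokens = {t for t in re.split(r"[^a-z0-9]+", name) if t}
    # Short brands ("live") must match a whole token, otherwise "delivery"
    # would hit; longer brands may be glued to other text without a separator.
    brands = sorted(b for b in BRANDS if b in tokens or (len(b) >= 5 and b in name))
    if brands:
        return ("brand-impersonation", brands)
    lures = sorted(tokens & LURE_WORDS)
    if len(lures) >= 2:
        return ("generic-lure", lures)
    return ("no-match", [])


# Constructed resolver log lines (timestamps, clients and format are made up);
# the four flagged names are the seized domains quoted in the report.
SAMPLE_LOG = """\
2024-01-01T09:00:01Z client=10.0.0.5 query=login.live.com
2024-01-01T09:00:02Z client=10.0.0.7 query=outlook-verify.net
2024-01-01T09:00:03Z client=10.0.0.7 query=yahoo-verify.net
2024-01-01T09:00:04Z client=10.0.0.9 query=verification-live.com
2024-01-01T09:00:05Z client=10.0.0.9 query=myaccount-services.net
2024-01-01T09:00:06Z client=10.0.0.5 query=delivery.example.org
"""

QUERY_RE = re.compile(r"\bquery=(\S+)")


def scan(log_text):
    """Return [(hostname, verdict, evidence)] for every suspicious query."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        verdict, evidence = classify(m.group(1))
        if verdict in ("brand-impersonation", "generic-lure"):
            hits.append((m.group(1), verdict, evidence))
    return hits


if __name__ == "__main__":
    for host, verdict, evidence in scan(SAMPLE_LOG):
        print(f"{verdict:20} {host:28} {','.join(evidence)}")
```

Token matching of this kind is a triage signal, not a verdict: hits still need review against registration data and the brand's real domain inventory.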

49 comments

  1. Iranians? by Anonymous Coward · · Score: 0

    I thought they liked to be called Persians.

    1. Re:Iranians? by Anonymous Coward · · Score: 0

      They pretend to be related to those ancient Persians.

      They are not now because of much interbreeding with mongols, arabs, jews, armenians, turks, pakis etc.

    2. Re:Iranians? by ClickOnThis · · Score: 1

      I thought they liked to be called Persians.

      Yes they do. As opposed to Arabs. But they're still Iranians.

      --
      If it weren't for deadlines, nothing would be late.
  2. Act of War by quenda · · Score: 1

    I hope those Iranian hackers were not trying to sabotage American factories.
    Because that would be an illegal act of war, deserving international condemnation and sanctions.

    1. Re:Act of War by Anonymous Coward · · Score: 0

      Iran has several "acts of war" to choose from when it comes to the US, lol. Or Israel for that matter...

    2. Re:Act of War by Gravis+Zero · · Score: 1

      I hope those Iranian hackers were not trying to sabotage American factories.

      That would be small potatoes and retardedly shortsighted. It's far more likely that they were seeking to get credentials to get deeper access into the workplaces of the targets to copy intellectual property which can cost millions to develop.

      --
      Anons need not reply. Questions end with a question mark.
    3. Re:Act of War by xenobyte · · Score: 1

      I hope those Iranian hackers were not trying to sabotage American factories.

      That would be small potatoes and retardedly shortsighted. It's far more likely that they were seeking to get credentials to get deeper access into the workplaces of the targets to copy intellectual property which can cost millions to develop.

      Or simply gain a foothold inside vital companies, energy distribution and other essential systems. They could then sabotage their operation as an act of (covert) war. This is pretty much SOP for military intelligence services worldwide and "state hackers" is simply another word for "hackers working for the Iranian military intelligence service".

      --
      "For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
    4. Re:Act of War by Anonymous Coward · · Score: 0

      I hope those Iranian hackers were not trying to sabotage American factories.
      Because that would be an illegal act of war, deserving international condemnation and sanctions.

      The USA can't go to war with anyone like Iran. This is because the political class is full of paedophiles with skeletons in their closets. That's how Mossad controls US policy in the middle east, US troops fighting wars for Israel. There is a system used to create and compromise the pedophiles. Hollywood & US music are both controlled this way. That's why R Kelly would knowingly video himself with a 14 year old girl -- to give his controllers the dirt they want. This is how one "makes a deal with the devil" so to speak. So, it doesn't matter if your nation is under control by foreign interests, it is too corrupt to do anything. The rest of the world can just reveal its secrets, and its own people will destroy the USA. This is by design.

      That system is also used to covertly suppress dissidents. China and Iran do not need to use such a technological system to suppress their people and maintain control. These nations both have a system of OVERT suppression in place so that they can terminate the suppressive technology in their own nation, then reveal its use to the world and have the western world eat itself alive. This is why China is allowed to have a monopoly on rare earth minerals despite USA being rich with the same minerals.

      Only if the I

      China gets away with horrible human experimentation. They have detention camps for the religious. China harvests organs from dissenters. China is the new 3rd Reich. China is actually doing what the Nazis were accused of. And you will not go to war with China... Ergo, you will not go to war with Iran -- unless and until Iran's political class has been fully compromised by the system of covert suppression.

      Now that the world governance is run on a web of secrets, we must take a step back and realize that it would be trivial for someone with the information and means to distribute it to begin world war three. You idiots think petty economic cyberwarfare means anything on this world stage? No. The world peace relies on the keeping of secrets. All the nations are thus kept in check thereby. Level up your politik, plebs.

    5. Re:Act of War by Gravis+Zero · · Score: 1

      Or simply gain a foothold inside vital companies, energy distribution and other essential systems. They could then sabotage their operation as an act of (covert) war.

      Poppycock! We've already seen a worst case scenario for energy distribution systems play out in the US and military systems were not impacted.

      --
      Anons need not reply. Questions end with a question mark.
    6. Re:Act of War by cyberchondriac · · Score: 1

      Did everyone miss the sarcasm here? I believe he was backhandedly referring to the Stuxnet affair, not that I'm sympathetic.

      --
      Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
    7. Re:Act of War by quenda · · Score: 1

      Did everyone miss the sarcasm here? I believe he was backhandedly referring to the Stuxnet affair, not that I'm sympathetic.

      Thanks. Glad somebody is paying attention :-)
      I understand the reasons for Stuxnet, but you have to expect some blowback.

  3. This explains things... by Patent+Lover · · Score: 1

    I was wondering where IranSaysFuckYouAmerica.com went.

  4. six gorillon by Anonymous Coward · · Score: 0

    six gorillion domains are required for (((them))) to launch cyber attacks against Venzuela's power grid.

  5. Still IMPERSONATING me JEALOUS "Lil' Jowie"? by Anonymous Coward · · Score: 0

    I actually DID have all 99 blocked LONG ago per https://yro.slashdot.org/comme... & MacOS model's not done: Stop IMPERSONATING me lying & proof portfilter err's can't happen https://news.slashdot.org/comm... in my work!

    u ADMIT u have a /. acct & STALK me by UNIDENTIFIABLE ac https://hardware.slashdot.org/... - YOU got ISSUES.

    That's "best ya got"?

    u WISH u were ME (as ur POOR imitation = the sincerest form of flattery).

    APK

    P.S.=> I always EASILY simply BLOW U AWAY https://tech.slashdot.org/comm... + https://it.slashdot.org/commen... + https://yro.slashdot.org/comme...

    1. Re: Still IMPERSONATING me JEALOUS "Lil' Jowie"? by Anonymous Coward · · Score: 0

      Yes, I want to be you. I want to be a 54 year old loser with no job, living in his daddy's $1 house. I want my life to revolve around spamming Slashdot about a string sorting program that I wrote. I don't want a job, a family, or a useful purpose in life. I'm just a "ne'er-do-well" who wants to live in a dump of a $1 house in Syracuse like you.

  6. Microsoft made Obama cry! by Anonymous Coward · · Score: 0

    Iran and Obama, best budds from the good old days! After all, what's 1.5 billion dollars in cash delivered on cargo plane pallets! "Allahu akbar" --- Barack Hussein Obama.

  7. Proof #1/2 by Anonymous Coward · · Score: 0

    APK

    P.S.=> Rest coming in my next post (MS will now sinkhole them though)... apk

  8. Proof #2/2... apk by Anonymous Coward · · Score: 0

    APK

    P.S.=> Just for "posterities sake" to BACK MYSELF w/ undisputable FACT as always (MS will sinkhole them now though is my guess)... apk

  9. And here's my MacOS version... apk by Anonymous Coward · · Score: 0

    See subject: APK Hosts File Engine 1.0++ 64-bit for MacOS h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r M a c O S . z i p

    Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less!

    Vs. "Bolt on 'MoAr' illogic-logic" slowing u hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploitation!

    * ONLY 1 of its kind in GUI 4 MacOS!

    (Better vs. Windows model)

    APK

    P.S.=> Protects against ALL known & unknown vulnerabilities. Now supports port filters in hosts. My work is world-class & China copied it because they can't do better. I am God's gift to Slashdot... apk

  10. Re:Iranian State why? by Anonymous Coward · · Score: 0

    Gee, jealous much? Log off and go for a walk, your government needs you to work and pay taxes.

  11. Re:apk HOST 69 at the truck stop by Anonymous Coward · · Score: 0

    Hey JEALOUS Jowie APK asked you a question https://yro.slashdot.org/comme... why are you running away from it?

  12. Still IMPERSONATING me JEALOUS "Lil' Jowie"? by Anonymous Coward · · Score: 0

    MacOS model's not done: Stop IMPERSONATING me lying & proof portfilter err's can't happen https://news.slashdot.org/comm... in my work!

    u ADMIT u have a /. acct & STALK me by UNIDENTIFIABLE ac https://hardware.slashdot.org/... - YOU got ISSUES.

    That's "best ya got"?

    u WISH u were ME (as ur POOR imitation = the sincerest form of flattery).

    WASTING ur life STALKING me by UNIDENTIFIABLE anon OR IMPERSONATING me?

    Make a Wheel https://isc.sans.edu/forums/di... as I did giving users more speed/security/reliability & anonymity NATIVELY doing more for less vs. ANY single 'solution' via the best hosts file multiplatform:

    APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p

    APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down...

    APK

    P.S.=> I BLOW U AWAY https://tech.slashdot.org/comm... + https://it.slashdot.org/commen... + https://yro.slashdot.org/comme...

  13. You're a fucking joke FAKENAME... apk by Anonymous Coward · · Score: 0

    See subject FAKE NAME FUCK - because that IS all YOU are fucker - don't like that? Too bad you do-NOTHING worthless little fuck.

    * :)

    (I've just described YOU perfectly & you KNOW it, BOY!)

    APK

    P.S.=> No balls bitch you are... apk

  14. God Bless Iran by Anonymous Coward · · Score: 0

    Nobody else is standing up to the Synagogue of Satan.

    1. Re:God Bless Iran by Anonymous Coward · · Score: 0

      Islam is a hate group.

      Israel needs to take over the whole of Palestine, to begin the long march towards banishing Islam from the planet.

    2. Re: God Bless Iran by Anonymous Coward · · Score: 0

      Hitler didn't kill enough of them.

  15. Re: Prove you have a home/job etc. ok? apk by Anonymous Coward · · Score: 0

    Actually I live under the bridge because I am apks gay marine ex roommate, he kicked me out when he started making bank at the trucker stop sucking cocks and balls, he got all proud about the dollar he earned and bought a house with.

  16. Re: Prove you have a home/job etc. ok? apk by Anonymous Coward · · Score: 0

    Apk's right about you. You have mental issues. Grow up. Quit being such a sick in the head psychotic loser.

  17. Still IMPERSONATING me JEALOUS "Lil' Jowie"? by Anonymous Coward · · Score: 0

    u ADMIT u have a /. acct & STALK me by UNIDENTIFIABLE ac https://hardware.slashdot.org/... - YOU got ISSUES.

    That's "best ya got"?

    u WISH u were ME (as ur POOR imitation = the sincerest form of flattery).

    WASTING ur life STALKING me by UNIDENTIFIABLE anon OR IMPERSONATING me?

    Make a Wheel https://isc.sans.edu/forums/di... as I did giving users more speed/security/reliability & anonymity NATIVELY doing more for less vs. ANY single 'solution' via the best hosts file multiplatform:

    APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p

    APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down...

    APK

    P.S.=> I BLOW U AWAY https://tech.slashdot.org/comm... + https://it.slashdot.org/commen... + https://yro.slashdot.org/comme...

  18. I had 'em blocked already in my hosts file... apk by Anonymous Coward · · Score: 0

    See subject - THIS is the WHY of why I do what I do (create the BEST single protective + speed mechanism there is, bar-none & NATIVELY!

    Proof #1/2 https://yro.slashdot.org/comme...

    Proof #2/2 https://yro.slashdot.org/comme...

    P.S.=> For the best hosts file multiplatform:

    APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between chars & download)

    APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down... (DL link @ bottom)

    Soon for MacOS too (I just got a NEW Mac-Mini to port it there)... apk

  19. Re:GAYpk HOST 69 at the truck stop by Anonymous Coward · · Score: 0

    You seriously have mental issues. Grow up. Do something useful instead of being a useless pest juvenile to everyone on slashdot.

  22. Re:GAYpk HOST 69 at the truck stop by Anonymous Coward · · Score: 0

    quit talking about yourself APK

  23. Re:GAYpk HOST 69 at the truck stop by Anonymous Coward · · Score: 0

    I'm not APK but I know I speak for the majority of slashdot in saying you are nothing more than an obvious misanthrope that hates yourself due to your own life failure compounded by harassing others you wish you were as solid as.

  24. APK is a mouthpiece for trucker dick by Anonymous Coward · · Score: 0

    You APK are a mouthpiece for trucker cock. I hear the line is getting pretty long over there unlike your micro penis.

    1. Re:APK is a mouthpiece for trucker dick by Anonymous Coward · · Score: 0

      Actually I strongly suspect you are all you say APK is seeing as you project it so much.

  25. Prove you have a home/job etc. ok? apk by Anonymous Coward · · Score: 0

    Prove you have a home/job etc. ok? This will be funnier than hell seeing you "flail" since trolls like you live under bridges w/ junkies, no home of your own (since you SHOT IT UP YOUR ARM, lol) let alone FULLY PAID OFF as I do (& I tossed another roughly 35k into it since 2010 to IMPROVE it) + a NICE CAR (soon to be CLASSIC sportscar in PERFECT CONDITION only 37k miles in 13++ yrs. I've owned it, Mobil 1 15k mile synthetic the WHOLE way (changed every 5k miles or so) too - perfect motor/body/tranny - you name it).

    * I also haven't HAD to work for ANYONE (other than myself) since 2007 & run my own VERY SUCCESSFUL BUSINESS!

    APK

    P.S.=> Additionally - PROVE you've done BETTER work than I have which DOZENS of REGISTERED /.ers like/use'/praise as I have that keeps folks safer/faster online (along w/ 200++k users worldwide) - prove it (lol - I KNOW you'll "Run, Forrest: RUN!!!" & WHY? Hell - you're JEALOUS "Lil' Jowie" the DO-NOTHING "ne'er-do-well" PSYCHO that STALKS me ALL DAY LONG on /. like the LOON LOSER you are proving yourself to be constantly)... apk

  26. Please sing all together... by LordHighExecutioner · · Score: 1

    99 domains from Iran on the net
    Take one down and pass it around, 98 domains from Iran on the net.

    98 domains from Iran on the net...

  27. Yes but what about... by Anonymous Coward · · Score: 0

    Yes but what about the other 3 remaining Iranian sites on the web?

  28. non-judicial vigilante organization by Anonymous Coward · · Score: 0

    always been concerned about Microsoft as a non-judicial vigilante organization doing whatever it wants to whoever it wants in the name of "cyber" whatever - for years and years everyone goes along with MS being the judge, jury, and executioner of all things "cyber" - when they have no authority