The domains had been used as part of spear-phishing campaigns aimed at users in the US and across the world. Court documents unsealed today revealed that Microsoft has been waging a secret battle against a group of Iranian government-sponsored hackers.
The OS maker sued and won a restraining order that allowed it to take control of 99 web domains that had been previously owned and operated by a group of Iranian hackers known in cyber-security circles as APT35, Phosphorus, Charming Kitten, and the Ajax Security Team.
APT35 hackers had registered these domains to incorporate the names of well-known brands, such as Microsoft, Yahoo, and others. The domains were then used to collect login credentials for users the group had tricked into accessing their sites. The tactic is decades old but is still extremely successful at tricking users into unwittingly disclosing usernames and passwords, even today.
Microsoft said it received substantial support from the domain registrars, which transferred the domains over to Microsoft as soon as the company obtained a court order.
Companies often use court orders to take over domains that infringe on their trademark and copyrights. However, over the past year, Microsoft has been using this legal trickery to fight off hacker groups as well.
Further, this isn't the first time Microsoft has used a court order to take over domains that were previously under the control of government-backed cyber-espionage groups.