Microsoft now controls 99 websites previously used by Iran-linked hackers to steal information from private companies and government agencies in the U.S., according to recently released court documents.
Tom Burt, corporate vice president of customer security and trust at Microsoft, wrote in a blog post published Wednesday that the websites were used for spear-phishing by the Phosphorus threat group, also known as APT 35, Charming Kitten and Ajax Security Team.
The U.S. District Court for Washington, D.C., allowed Microsoft to hack into Phosphorus websites after the company filed a case against the group for using its products in its hacking operations.
The seized sites include outlook-verify.net, yahoo-verify.net, verification-live.com and myaccount-services.net.
“Our work to track Phosphorus over multiple years and observe its activity enabled us to build a decisive legal case and execute last week’s action with confidence we could have significant impact on the group’s infrastructure,” Burt said.
Microsoft started tracking Phosphorus in 2013 after it found that the hackers had copied some of its products, including LinkedIn, OneDrive and Hotmail.
Burt said the intelligence gained from the websites will be shared with Microsoft security products and services to guide future detection and protections for customers.