Microsoft has taken control of 99 websites that have been used by a primarily Iranian hacker group, called Prosphoras by the company, which targets government agencies as well as journalists and activists to steal sensitive data. The company's Digital Crimes Unit and Threat Intelligence Center have been investigating the hacker group since 2013, and the Redmond giant has since been able to obtain a court order that allowed them to take control of the websites used for their malicious purposes.
Prosphoras uses multiple methods to hack into the private accounts of its victims. For starters, a technique known as spear-phishing is used, where they use social media to send fake links such as outlook-verified.net, verification-live.net, or myaccount-services.net which link to malicious software used to hack into the user’s private computer systems. Another method used is sending the victim an email that supposedly warns them of a security risk to their accounts, redirecting them to a link to enter their credentials into a form that captures their passwords and gives the hackers access to the accounts.
Over the years, Microsoft has been able to use data security analytics tracking to stop the individual attacks and inform victims of such malicious actions. Thanks to the company's efforts in tracking the hacker group over the years, it was able to build a legal case that allowed them to take control of the 99 websites, and will redirect the traffic from infected devices to the its digital Crime Unit sinkhole. This will allow it to collect information which will be added to the Microsoft Threat Intelligence Center to improve detections and further protect its customers.
Microsoft has also worked closely with Yahoo in sharing threat information and cooperatively stopping malicious hacks. The tech giant has also worked with various domain hosting companies in transferring ownership of the domains previously used for hacking to itself after the court order was granted.