According to a report by Associated Press, Microsoft has seized 99 Iranian websites that were supposedly stealing information and launching cyber attacks. The report also said that it had been tracking the group of hackers since 2013.
The hackers were targeting people in the middle east to steal sensitive information by using the malicious websites that were disguised as Microsoft, Linkedin, Outlook and Windows products. Microsoft confirmed in a court filing that this group was stealing information about reporters, activists, political people including “ protesting oppressive regimes”.
The hackers are from Iran but the Tehran government has denied any hacking activity from their end. In the past also Iran government has denied any hacking attempts from their end.
Allison Wikoff, a security researcher at Atlanta-based SecureWorks told Associated Press that according to her observation it is one of the “more active Iranian threat groups”. She further added that Microsoft analyze fake domains through analyzing traffics to protect against fake domains and the practice is popularly called as “sinkholing”.In the past also, Microsoft has used “sinkholing” to seize fake domains made by Russian hackers back in 2016.