Published On: Tue, Jul 20th, 2021

Microsoft secures court order to take down malicious ‘homoglyph’ domains

Microsoft has secured a court order to take down several malicious “homoglyph” domains that were used to impersonate Office 365 customers and commit fraud.

The tech giant filed a case earlier this month after it uncovered cybercriminal activity targeting its customers. After receiving a customer complaint about a business email compromise attack, a Microsoft investigation found that the unnamed criminal group responsible created 17 additional malicious domains, which were then used together with stolen customer credentials to unlawfully access and monitor Office 365 accounts in an attempt to defraud the customers’ contacts.

Microsoft confirmed in a blog post published Monday that a judge in the Eastern District of Virginia issued a court order requiring domain registrars to disable service on the malicious domains, which include “thegiaint.com” and “nationalsafetyconsuiting.com,” that were used to impersonate its customers.

These so-called “homoglyph” domains exploit the similarities of some letters to create deceptive domains that appear legitimate. For example, using an uppercase “I” and a lowercase “l” (e.g. MICROSOFT.COM vs. MlCROSOFT.COM).
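One way a mail team could screen sender domains for this kind of look-alike is to fold visually confusable characters into a single form and compare against a list of domains to protect. This is an added example, not code from Microsoft or the article; the confusable table, the protected list (including the assumed legitimate spelling "nationalsafetyconsulting.com") and the sample sender domains are constructed for illustration and cover ASCII swaps only.

```python
# Added example: flag sender domains that read like a protected domain.
# Assumptions: CONFUSABLE/MULTI tables and PROTECTED list are illustrative only.

# Single characters folded to one representative after lowercasing.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o"})
# Character pairs that render like a single letter in many fonts.
MULTI = (("rn", "m"), ("vv", "w"))

PROTECTED = ["microsoft.com", "nationalsafetyconsulting.com"]  # assumed list


def normalize(domain: str) -> str:
    """Lowercase and drop surrounding whitespace and a trailing root dot."""
    return domain.strip().rstrip(".").lower()


def skeleton(domain: str) -> str:
    """Fold confusable characters so look-alike spellings compare equal."""
    folded = normalize(domain).translate(CONFUSABLE)
    for seq, rep in MULTI:
        folded = folded.replace(seq, rep)
    return folded


def find_lookalikes(sender_domains, protected=PROTECTED):
    """Return (seen_domain, imitated_domain) for each look-alike found."""
    index = {skeleton(p): normalize(p) for p in protected}
    hits = []
    for seen in sender_domains:
        target = index.get(skeleton(seen))
        # Same skeleton but a different literal spelling means a look-alike.
        if target is not None and normalize(seen) != target:
            hits.append((seen, target))
    return hits


# Constructed sample of sender domains, as might be pulled from mail logs.
SAMPLE = [
    "MlCROSOFT.COM",                 # lowercase "l" in place of "I"
    "microsoft.com",                 # the real domain, must not be flagged
    "nationalsafetyconsuiting.com",  # "i" in place of "l"
    "example.org",                   # unrelated domain
]

if __name__ == "__main__":
    for seen, target in find_lookalikes(SAMPLE):
        print(f"{seen} imitates {target}")
```

A skeleton match only shows visual similarity, so hits are candidates for review rather than proof of fraud.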

“These were used together with stolen customer credentials to unlawfully access customer accounts, monitor customer email traffic, gather intelligence on pending financial transactions, and criminally impersonate [Office 365] customers, all in an attempt to deceive their victims into transferring funds to the cybercriminals,” Microsoft said in its complaint, adding that the cybercriminals “have caused and continue to cause irreparable injury to Microsoft, its customers, and the public.”

In one instance, for example, the criminals identified a legitimate email from the compromised account of an Office 365 customer referencing payment issues. Capitalizing on this information, the criminals sent an email from a homoglyph domain using the same sender name and a nearly identical domain. They also used the same subject line and format of an email from the earlier, legitimate conversation, but falsely claimed a hold had been placed on the account by the chief financial officer and that payment needed to be received as soon as possible.

The cybercriminals then attempted to solicit a fraudulent wire transfer by sending new wire transfer information appearing to be legitimate, including using the logo of the company they were impersonating.

Microsoft notes that while these criminals will typically move their malicious infrastructure outside the Microsoft ecosystem once detected, the order, granted on Friday, eliminates defendants’ ability to move these domains to other providers.

“The action will further allow us to diminish the criminals’ capabilities and, more importantly, obtain additional evidence to undertake further disruptions inside and outside court,” said Amy Hogan-Burney, general manager of Microsoft’s Digital Crime Unit.

The tech giant hasn’t yet disclosed the identities of the cybercriminals responsible for the BEC attacks, but said that “based on the techniques deployed, the criminals appear to be financially motivated, and we believe they are part of an extensive network that appears to be based out of West Africa.” The targets of the operation were primarily small businesses operating in North America across several industries, according to Microsoft.

This isn’t the first time Microsoft has secured a court order to step up its fight against cybercriminals and similar attacks, which research shows affected 71% of businesses in 2021. Last year, a court granted the tech giant’s request to seize and take control of malicious web domains used in a large-scale cyberattack targeting victims in 62 countries with spoofed COVID-19 emails.
