Microsoft has been given the legal right to seize control of 99 websites associated with an Iranian hacker organization, thanks to a court order this week. The company announced it initiated court action against a threat group called Phosphorus.

“Microsoft’s Digital Crimes Unit has executed work to disrupt cyberattacks from a threat group we call Phosphorus which is widely associated with Iranian hackers,” Microsoft corporate vice president Tom Burt writes in blog post.

Phosphorus is the name Microsoft has given to the group, but it is also known as the Ajax Security Team, APT 35, and Charming Kitten. Microsoft says it has been following the group’s actions since 2013 and knows it has hacked several organizations, individuals, and governments.

Burt explains Phosphorus uses human engineering to trick people and gain system access:

“Phosphorus typically attempts to compromise the personal accounts of individuals through a technique known as spear-phishing, using social engineering to entice someone to click on a link, sometimes sent through fake social media accounts that appear to belong to friendly contacts,” Burt says.

“Phosphorus also uses a technique whereby it sends people an email that makes it seem as if there’s a security risk to their accounts, prompting them to enter their credentials into a web form that enables the group to capture their passwords and gain access to their systems.”


Leveraging daily security data has allowed Microsoft to track and prevent Phosphorus attacks. However, the court order allows the company to take further action, including taking control of websites that are a core part of the group’s operations.

“Our court case against Phosphorus resulted in a court order enabling us last week to take control of 99 websites the group uses to conduct its hacking operations so the sites can no longer be used to execute attacks.”

Burt says Microsoft has been assisted by other companies in clamping down on the hacking group. He mentions Yahoo as a key part of the operation to prevent attacks.