Microsoft said Tuesday that it’s taken legal action to stop a widespread COVID-19-related hacking campaign. The lawsuit, unsealed in the US District Court for the Eastern District of Virginia, allowed the tech giant to take control of domains that hackers were using to trick their victims.
Cyberattacks have spiked during the coronavirus pandemic, with more people working from home and most business discussions happening online. Scams surrounding the infectious disease have flooded the internet, with the FBI’s Internet Crime Complaint Center receiving 20,000 coronavirus-related reports this year.
Microsoft said it worked to stop a hacking campaign targeting businesses in 62 countries with cyberattacks linked to COVID-19. In a blog post Tuesday, Tom Burt, corporate vice president for customer security and trust at Microsoft, said the campaign sent millions of phishing emails out to potential victims.
The tech giant said it first spotted the hacking campaign in December, and saw the tactics shift to COVID-19 themes to trick victims as the scheme progressed. The emails would pose as business discussions, sending out files like “Q4 Report — Dec19.”
If someone fell for the trick, they would be asked to grant permissions to a fake app called “0365 Access” that posed as Office 365. That would allow hackers to see emails and notes, and have full access to files and contacts on the account. The attackers used that access to steal company information and redirect wire transfers, according to Microsoft’s lawsuit filed June 30.
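As an added example (not from Microsoft or the original article), a defender could review a list of consented apps for names that imitate Office 365, such as the “0365 Access” app described above, and rank them by the mail, notes, files and contacts scopes they hold. The record fields, the trusted app IDs and the mapping to Microsoft Graph scope names are assumptions of this example.

```python
import unicodedata

# Brand strings an attacker is likely to imitate (assumption for this example).
PROTECTED_NAMES = ("office 365", "o365", "microsoft")

# Delegated Microsoft Graph scopes matching the access the article describes
# (mail, notes, files, contacts). The mapping is this example's assumption.
SENSITIVE_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Notes.Read.All", "Notes.ReadWrite.All",
                    "Files.Read.All", "Files.ReadWrite.All", "Contacts.Read", "Contacts.ReadWrite"}

# Fold visually confusable characters to one representative ("O365" == "0365").
CONFUSABLE = str.maketrans({"o": "0", "l": "1", "i": "1"})


def skeleton(name):
    """Lowercase, drop non-alphanumerics, fold confusable characters."""
    folded = unicodedata.normalize("NFKC", name).lower()
    return "".join(c for c in folded if c.isalnum()).translate(CONFUSABLE)


def imitated_name(app_name):
    """Return the protected name that app_name resembles, or None."""
    skel = skeleton(app_name)
    return next((b for b in PROTECTED_NAMES if skeleton(b) in skel), None)


def review_grants(grants, trusted_app_ids):
    """Return findings for untrusted apps whose name imitates a protected name."""
    findings = []
    for g in grants:
        brand = imitated_name(g["app_name"])
        if g["app_id"] in trusted_app_ids or brand is None:
            continue
        risky = sorted(set(g["scope"].split()) & SENSITIVE_SCOPES)
        findings.append({"user": g["user"], "app_name": g["app_name"],
                         "imitates": brand, "risky_scopes": risky,
                         "severity": "high" if risky else "review"})
    return findings


# Constructed sample records (hypothetical field names, not a real export format).
SAMPLE_GRANTS = [
    {"user": "cfo@example.com", "app_id": "app-0001", "app_name": "0365 Access",
     "scope": "Mail.Read Notes.Read.All Files.ReadWrite.All Contacts.Read offline_access"},
    {"user": "it@example.com", "app_id": "app-0002", "app_name": "Office 365 Backup",
     "scope": "User.Read"},
    {"user": "dev@example.com", "app_id": "app-0003", "app_name": "Timesheet Helper",
     "scope": "Mail.Read"},
]
```

Calling `review_grants(SAMPLE_GRANTS, trusted_app_ids={"app-0002"})` returns a single high-severity finding for “0365 Access”; the trusted-ID set stands in for an organization's own inventory of approved apps.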
After the pandemic began, the attacks started using COVID-19 as a lure, with files like “COVID-19 Bonus.xlsx” attached to the emails. The attacks were targeted at executives and business leaders, according to court documents. The company declined to disclose how many people clicked on the links.
Microsoft said it stopped this hacking campaign by suing to take over the domains pretending to be the company. Its lawsuit claims that the hackers misused Microsoft’s name and trademarks in their scheme. The company found at least six domain names pretending to be Microsoft’s website to trick victims.
“This unique civil case against COVID-19-themed BEC attacks has allowed us to proactively disable key domains that are part of the criminals’ malicious infrastructure, which is a critical step in protecting our customers,” Burt said.
This isn’t the first time Microsoft has used the courts as a way to block hacking efforts. In December, Microsoft announced a lawsuit against North Korean hackers to take over 50 domains pretending to come from the tech giant, and it’s also done the same for hacking groups from Russia and Iran.
A Microsoft spokesman said that the COVID-19-related scams didn’t come from a nation-state attacker, but declined to comment on who was behind the hacking campaign.