The US Department of Justice (DOJ) has seized two Internet domains following a phishing campaign that impersonated the U.S. Agency for International Development (USAID) in order to distribute malware. The attacks were disclosed by Microsoft last Thursday. Microsoft stated that the campaign was conducted by NOBELIUM, a Russian state-affiliated hacking group also known as The Dukes, Cozy Bear, and APT29.
The DOJ has seized the domains worldhomeoutlet[.]com and theyardservice[.]com. The group used the domains to send phishing emails to 3,000 email accounts at over 150 different organizations. The phishing campaign extracts data from victims and sends malware to execute on infected machines.