The effort included a court order from the US District Court for the Northern District of Georgia that allowed Microsoft to seize 65 internet domains used by the hacking group behind widely used malware known as ZLoader, Microsoft said.
Since surfacing in 2019, ZLoader has been used in an array of financially motivated hacking schemes — many of them aimed at organizations in North America. The hackers have also been involved in a tool for deploying a type of ransomware that has to be used in hacks against health care organizations, according to Microsoft.
Microsoft said it identified one of the people involved in the hacking enterprise and that it referred information to law enforcement authorities.
The US Justice Department did not respond to a request for comment.
Other cybersecurity firms involved in the takedown included US companies Lumen and Palo Alto Networks, and Slovakia-based ESET.
It’s just the latest corporate or government effort to dismantle computer infrastructure, which is often registered in the United States, used by cybercriminals or intelligence operatives.
Microsoft said last week that it had used another court order to disable seven internet domains that a hacking group linked with Russian intelligence was using in a likely effort to support Russia’s war in Ukraine.
The actions are far from fatal blows to the hacking groups, but it’s an important effort to make it harder for them to operate.
“Each time we have a successful takedown like this, we increase the cost for them to do business and set the example for their successors that there is increased risk associated with their malicious activities,” said Wendi Whitmore, head of Palo Alto Network’s Unit 42 threat intelligence section.
