The U.S. Department of Justice has seized two Internet domains used in recent phishing attacks that impersonated the U.S. Agency for International Development (USAID) to distribute malware and gain access to internal networks.
The two domains seized by the DOJ, theyardservice[.]com and worldhomeoutlet[.]com, were used to receive data exfiltrated from victims of the targeted phishing attacks and to send further commands for the malware to execute on infected machines.
Microsoft first disclosed these attacks last Thursday and stated that they were conducted by a Russian state-affiliated hacking group known as NOBELIUM (also tracked as APT29, Cozy Bear, and The Dukes). This group is believed to be affiliated with the Russian Foreign Intelligence Service (SVR), a Russian intelligence service.