Microsoft Seizes Web Domains From North Korea-linked Hacker Group

Microsoft said it has taken control of 50 web domains used by a hacker group called Thallium, believed to operate from North Korea.

In a blog post, the software giant said that in December, it filed a lawsuit in the U.S. District Court for the Eastern District of Virginia against a group of hackers who operated Thallium.

The court order enabled Microsoft to take control of the domains used by the group to conduct its operations. These sites can no longer be used by the hacking group.

Some of the domains operated by the hackers included copycat URLs such as "office356-us.org", "outlook.mai1.info" and "hotrnail.com."

According to Microsoft, Thallium is a network of websites, domains and internet-connected computers used by the hackers to break into the Microsoft accounts and computer networks of the company's customers and steal highly sensitive information.

Thallium targeted government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues. Most targets were based in the U.S., Japan and South Korea.

Thallium typically attempted to trick victims through a technique known as spear phishing.

After collecting information about the targeted individuals from social media, public personnel directories from organizations the individual was involved with and other public sources, Thallium crafted a personalized spear-phishing email in a way that gave the email credibility to the target.

In addition to targeting user credentials, Thallium also utilized malware named "BabyShark" and "KimJongRAT" to compromise systems and steal data from the victims' systems.

Thallium is the fourth nation-state activity group against which Microsoft filed legal actions, and follows similar moves against operations from China, Russia and Iran, known as Barium, Strontium and Phosphorus, respectively.
