Microsoft Takes Control Of Web Domains Used By Hacking Group

By Amit Chowdhry • Jan 1, 2020
  • Microsoft has taken control of 50 web domains from a North Korea-linked hacker group

In a blog post, Microsoft Corp. VP of Customer Security & Trust Tom Burt announced that the company has taken control of web domains used by a North Korea-linked hacker group called “Thallium” for stealing information.

The Thallium hacking group was targeting government employees, university staff members, and people working on nuclear projects. Most of the targets were based in the U.S., but the hacker group was also targeting individuals in Japan and South Korea.

Thallium was known for tricking victims using “spear phishing” tactics. This means it used emails that appeared credible but tricked people into submitting information like names and passwords.

“Like many cybercriminals and threat actors, Thallium typically attempts to trick victims through a technique known as spear phishing. By gathering information about the targeted individuals from social media, public personnel directories from organizations the individual is involved with and other public sources, Thallium is able to craft a personalized spear-phishing email in a way that gives the email credibility to the target,” wrote Burt while referring to an example of a tactic that the hacker group used to dupe users. “The content is designed to appear legitimate, but closer review shows that Thallium has spoofed the sender by combining the letters ‘r’ and ‘n’ to appear as the first letter ‘m’ in ‘microsoft.com.’”
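
A mail filter can catch the look-alike sender trick Burt describes by collapsing visually confusable character sequences before comparing the sender's domain with the domains an organization wants to protect. The sketch below is an added example, not code from the article or from Microsoft; the protected-domain list, the confusable pairs other than ‘rn’ for ‘m’, and the sample headers in the comments are assumptions constructed here.

```python
from email.utils import parseaddr

# Assumption: domains this organisation wants to protect against imitation.
PROTECTED = {"microsoft.com"}

# Sequences that render like another letter. "rn" -> "m" is the case described
# in the article; the remaining pairs are added here as common look-alikes.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Collapse confusable sequences so look-alike domains compare equal."""
    s = domain.lower().rstrip(".")
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s


def sender_domain(from_header):
    """Extract the lower-cased domain from a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def classify(from_header, protected=PROTECTED):
    """Return (verdict, protected_domain).

    verdict is "exact" when the sender domain is a protected domain or one of
    its subdomains, "lookalike" when it only matches after confusables are
    collapsed, and "unrelated" otherwise. "exact" says nothing about whether
    the message is authentic; that is the job of SPF, DKIM and DMARC.
    """
    labels = sender_domain(from_header).split(".")
    # Walk every parent domain so subdomains of a look-alike are caught too.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in protected:
            return "exact", candidate
        for p in protected:
            if skeleton(candidate) == skeleton(p):
                return "lookalike", p
    return "unrelated", None


# Constructed sample:
# classify("Microsoft account team <account-security@rnicrosoft.com>")
# -> ("lookalike", "microsoft.com")
```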

Microsoft obtained control of the 50 web domains used by the hacker group through a court order, following a case filed against the group in the U.S. District Court for the Eastern District of Virginia.

This is the fourth nation-state group that Microsoft has taken legal action against.

“As we’ve said in the past, we believe it’s important to share significant threat activity like that we’re announcing today. We think it’s critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet,” Burt added. “We also hope publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves.”