Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Microsoft Seizes Web Domains Used by North Korean Hackers

Microsoft said Monday it obtained a court order allowing it to seize web domains used by North Korean hacking groups to launch cyberattacks on human rights activists, researchers and others.

Microsoft said Monday it obtained a court order allowing it to seize web domains used by North Korean hacking groups to launch cyberattacks on human rights activists, researchers and others.

The US technology giant said a federal court allowed it to take control of 50 domains operated by a group dubbed Thallium, which tricked online users by fraudulently using Microsoft brands and trademarks.

“This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information,” said Tom Burt, Microsoft’s vice president for customer security and trust.

“Based on victim information, the targets included government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues. Most targets were based in the US, as well as Japan and South Korea.”

Microsoft, which had been investigating the group through its Digital Crimes Unit and Threat Intelligence Center, said the hacking group sent spoofed emails that appeared to come from Microsoft which tricked users into revealing their login credentials, a technique known as spear phishing.

“By gathering information about the targeted individuals from social media, public personnel directories from organizations the individual is involved with and other public sources, Thallium is able to craft a personalized spear-phishing email in a way that gives the email credibility to the target,” Burt said.

After getting the victim’s credentials, the hackers can access emails, contact lists, calendar appointments and other data and often forwards any new emails to the attackers.

The hackers also used malicious software which can access other data on a victim’s computer.

Advertisement. Scroll to continue reading.

An order from a US federal court in Virginia allowed Microsoft to take control of the domains, meaning “the sites can no longer be used to execute attacks,” Burt said.

Microsoft said this was the fourth nation-state group it has acted against and follows similar moves against operations from China, Russia and Iran, dubbed Barium, Strontium and Phosphorus, respectively.

RelatedMicrosoft Takes Control of 99 Domains Used by Iranian Cyberspies

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.