Microsoft has taken control of web domains operated by the North Korean hacking group ‘Thallium’, which were used to steal information from users in the US, Japan and South Korea. The group used fake emails that look legitimate at first glance, a technique called ‘spear phishing’.
A U.S. District Court order allowed Microsoft to take control of 50 Thallium domains after the company filed a lawsuit against the group.
Thallium’s activities have been tracked by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft’s Digital Crimes Unit (DCU). Thallium built a network to compromise victims’ online accounts, undermine their security and steal their sensitive information by infecting their computers. The victims were mainly government employees, university staff, members of world peace and human rights organizations, and people working on nuclear proliferation issues in the U.S., Japan and South Korea.
Like other cyber criminals, Thallium used social media, public directories and other public sources to collect information about its victims.
The hacker group tricked people with emails that appear legitimate at first glance, for example a sender domain such as ‘accountprotection.rnicrosoft.com’, which looks like a Microsoft domain; on closer inspection the first letter of ‘microsoft.com’ is not an ‘m’ but the pair ‘r’ and ‘n’. The link in such an email redirects the recipient to a site used to steal their account credentials. Thallium is then able to access the victim’s account and steal their information.
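The ‘rn’-for-‘m’ trick above is a homoglyph lookalike, and it can be caught mechanically. The following Python script is an added example, not code from the article or from Microsoft: it folds confusable character sequences in a sender domain and compares the result against a small, constructed list of trusted domains (`TRUSTED_DOMAINS`), flagging both confusable-character imitations such as ‘rnicrosoft.com’ and a trusted name used as a subdomain of some other domain. The sample `From:` header values, the trusted list and the simplified registrable-domain rule (last two labels, no public-suffix list) are all assumptions made for the demonstration.

```python
# Added example, not from the article or from Microsoft: flag e-mail sender
# domains that imitate a trusted domain with confusable character sequences,
# such as 'rn' standing in for 'm' in 'rnicrosoft.com'.
import re

# Registrable domains this organisation trusts (constructed sample list).
TRUSTED_DOMAINS = {"microsoft.com", "outlook.com"}

# Character sequences that read like another character in common fonts.
# Multi-character folds go first so 'rn' is folded before single characters.
HOMOGLYPH_FOLDS = [
    ("rn", "m"),
    ("vv", "w"),
    ("cl", "d"),
    ("0", "o"),
    ("1", "l"),
    ("3", "e"),
]


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname.

    Simplifying assumption: no public-suffix list is consulted, so a host
    under 'co.uk' would collapse to 'co.uk'. Adequate for the demonstration.
    """
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def fold_homoglyphs(name: str) -> str:
    """Collapse confusable sequences so look-alike names compare equal."""
    for confusable, canonical in HOMOGLYPH_FOLDS:
        name = name.replace(confusable, canonical)
    return name


def classify_sender_domain(host: str) -> tuple:
    """Classify a sender hostname as 'trusted', 'lookalike' or 'unknown'.

    For a lookalike the second element names the trusted domain it imitates.
    Two imitation styles are covered: confusable characters in the
    registrable domain, and a trusted name used as a subdomain of another
    registrable domain (e.g. 'microsoft.com.login-check.example').
    """
    host = host.lower().strip(".")
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return ("trusted", reg)
    folded = fold_homoglyphs(reg)
    for trusted in TRUSTED_DOMAINS:
        if folded == fold_homoglyphs(trusted):
            return ("lookalike", trusted)
        if host.startswith(trusted + ".") or ("." + trusted + ".") in host:
            return ("lookalike", trusted)
    return ("unknown", None)


# Matches the domain part of the address at the end of a From header value.
ADDRESS_RE = re.compile(r"@([A-Za-z0-9.-]+)>?\s*$")


def scan_from_headers(headers):
    """Return (header value, verdict, imitated domain) for each From header."""
    results = []
    for value in headers:
        match = ADDRESS_RE.search(value.strip())
        if not match:
            results.append((value, "unparsed", None))
            continue
        verdict, imitated = classify_sender_domain(match.group(1))
        results.append((value, verdict, imitated))
    return results


# Constructed sample From header values: the look-alike domain is the one
# the article cites, the others are made up for the demonstration.
SAMPLE_FROM_HEADERS = [
    "Account Team <no-reply@accountprotection.rnicrosoft.com>",
    "no-reply@accountprotection.microsoft.com",
    "security@microsoft.com.login-check.example",
    "newsletter@news.example.org",
]

if __name__ == "__main__":
    for value, verdict, imitated in scan_from_headers(SAMPLE_FROM_HEADERS):
        note = f" (imitates {imitated})" if verdict == "lookalike" else ""
        print(f"{verdict:10} {value}{note}")
```

The fold table is deliberately small; in practice it would be extended with the Unicode confusables list and applied after IDNA decoding, and a verdict of ‘lookalike’ would feed a mail gateway rule or a SIEM alert rather than a print statement.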
Thallium also used malware named “BabyShark” and “KimJongRAT” to compromise computer systems.
This is Microsoft’s fourth legal action against a nation-state actor to take down malicious domain infrastructure.