Friday, January 3, 2019
Microsoft, a company that most of us know for its Operating systems, has recently taken control of domains used by Thallium, a hacking group from North Korea. The officials from Microsoft stated that the hackers used the 50 fields to initiate phishing attacks on internet users all over the world. Thallium’s major targets have been countries like South Korea, Japan, and the United States.
Microsoft filed a lawsuit against the hacking group in the U.S. District Court stating the pieces of evidence it had of the attacks attempted by them. The U.S. District Court for the Eastern District of Virginia ordered the company to take full control of all the 50 domains that were being misused by Thallium. The domains are currently under Microsoft’s control and hence don’t pose any cyber-threat.
The Digital Crimes Unit at Microsoft along with the Microsoft Threat Intelligence Center, MSTIC reported to have tracked Thallium for several months and collected the cyber-crime pieces of evidence. Microsoft mentioned that Thallium was using these domains to send phishing emails that contained a malicious link to trick the users to click and enter their details which would be stored in the hacker’s database. This method of cyber-attack is more commonly known as spear-phishing. The main motive of the group was to install malware, Remote Access Trojans(RATs) like Baby Shark and KimJongRAT that would allow them to gain remote access to execute commands on the user’s devices.
Microsoft has taken over such cyber-crimes in the past too, out of which the seize of 99 domains operated by an Iran based group named Phosphorus took place recently in May of 2019. Prior to this, the company also took hold of 84 domains of a Russian Cyber-crime group referred to as Strontium in August 2018.
Tech-giants like Microsoft are constantly working to keep the internet safe from cyber-threats lurking in our emails and webpages we visit.