Microsoft Takes Control Of ‘Thallium’ Hacking Domains

Microsoft has scored a victory against a North Korean cybercrime group called “Thallium”, the company has revealed.

Redmond said that it had taken control of web domains used by Thallium to steal information.

The software giant has a history of taking on cybercrime and hacking groups through the courts. In August 2018, for example, it foiled a cyber attack that was targeting US conservative groups, when Microsoft security staff gained control of six net domains mimicking their websites.

Thallium takedown

But Microsoft has now been targeting a hacking group (Thallium) that is believed to be operating from North Korea.

This group of hackers has targeted government employees, think tanks, university staff members and individuals working on nuclear proliferation issues, mostly in the United States, Japan and South Korea.

But Microsoft has managed to seize control of the hackers’ web domains.

“On December 27, a US district court unsealed documents detailing work Microsoft has performed to disrupt cyberattacks from a threat group we call Thallium, which is believed to operate from North Korea,” said Redmond in a blog posting.

“Our court case against Thallium, filed in the US District Court for the Eastern District of Virginia, resulted in a court order enabling Microsoft to take control of 50 domains that the group uses to conduct its operations,” it said. “With this action, the sites can no longer be used to execute attacks.”

It seems that Microsoft’s Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) had been tracking and gathering information on Thallium, and monitoring its activities to map out its network of websites, domains and internet-connected computers.

Spear-phishing

“This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information,” said Microsoft.

“Based on victim information, the targets included government employees, think tanks, university staff members, members of organisations focused on world peace and human rights, and individuals that work on nuclear proliferation issues,” it added.

Thallium typically tricked its victims via spear-phishing attacks, as the hackers used social media to target individuals and create personalised spear-phishing emails that appeared credible.

Microsoft said it had taken control of 50 web domains used by the group to conduct its operations.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
