Microsoft Takes Control Of ‘Thallium’ Hacking Domains

Microsoft has scored a victory against a North Korean cybercrime group called “Thallium”, the company has revealed.

Redmond said that it had taken control of web domains used by Thallium to steal information.

The software giant has history in taking on cybercrime and hacking groups through the courts. In August 2018 for example, it foiled a cyber attack that was targeting US conservative groups, when Microsoft security staff gained control of six net domains mimicking their websites.

Thallium takedown

Microsoft has now turned its attention to a hacking group, known as Thallium, that is believed to be operating from North Korea.

This group of hackers has targeted government employees, think tanks, university staff members and individuals working on nuclear proliferation issues, mostly in the United States, Japan and South Korea.

Microsoft has now managed to seize control of the hackers’ web domains.

“On December 27, a US district court unsealed documents detailing work Microsoft has performed to disrupt cyberattacks from a threat group we call Thallium, which is believed to operate from North Korea,” said Redmond in a blog posting.

“Our court case against Thallium, filed in the US District Court for the Eastern District of Virginia, resulted in a court order enabling Microsoft to take control of 50 domains that the group uses to conduct its operations,” it said. “With this action, the sites can no longer be used to execute attacks.”

It seems that Microsoft’s Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) had been tracking and gathering information on Thallium, and monitoring its activities to map out its network of websites, domains and internet-connected computers.

“This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information,” said Microsoft.

“Based on victim information, the targets included government employees, think tanks, university staff members, members of organisations focused on world peace and human rights, and individuals that work on nuclear proliferation issues,” it added.

Thallium typically tricked its victims with spear-phishing attacks: the hackers researched targeted individuals on social media and used that information to craft personalised spear-phishing emails that appeared credible.

Microsoft said it had taken control of 50 web domains used by the group to conduct its operations.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
