Microsoft Seizes Web Domains Used by North Korean Hackers

On Monday, Microsoft said that it secured a court order which allowed it to take hold of web domains used by North Korean hacking groups to set upcyber-attacks on human rights activists, researchers and others.

“This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information,” said Tom Burt, Microsoft’s vice president for customer security and trust.

The US technology giant said a federal court allowed it to take control of 50 domains operated by a group dubbed Thallium, which tricked online users by fraudulently using Microsoft brands and trademarks.

“Based on victim information, the targets included government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues. Most targets were based in the US, as well as Japan and South Korea.”

Microsoft, which had been investigating the group through its Digital Crimes Unit and Threat Intelligence Center, said the hacking group sent spoofed emails that appeared to come from Microsoft which tricked users into revealing their login credentials, a technique known as spear phishing.

Burt said , “By gathering information about the targeted individuals from social media, public personnel directories from organizations the individual is involved with and other public sources, Thallium is able to craft a personalized spear phishing email in a way that gives the email credibility to the target.”