'Thallium' nation-state threat group used the domains to target mostly US victims.
Microsoft this week announced it had gained a court order to take control of 50 domains used by a threat group believed to operate out of North Korea.
The US District Court order effectively allowed Microsoft to shut down the domains, which had been used by the so-called Thallium hacking group to target government employees, think tanks, universities, and organizations associated with human rights work and nuclear proliferation — most of them in the US, but also some in Japan and South Korea.
Thallium employs spearphishing attacks, some of which portend to come from Microsoft, in order to fool the victims into giving up their email account credentials. According to Microsoft, Thallium typically sets up a mail-forwarding rule in the hacked email account that allows the attackers to receive the victim's emails, even when the victim changes his or her password.
The group is known for planting a backdoor known as BabyShark and KimJongRAT on the victim's machine.
The legal action by Microsoft follows previous such takedowns by the company of a Chinese nation-state group called Barium, a Russian nation-state group called Strontium, and an Iran-based group called Phosphorus.
"We think it's critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet," Tom Burt, corporate vice president of customer security and trust at Microsoft, wrote in blog post today announcing the legal action.
Read the full post here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "SIM Swapping Attacks: What They Are & How to Stop Them."
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024