Microsoft has succeeded in blocking 50 domains that were hijacked by a group of North Korean hackers. The corporation ran a campaign against the cybercrimes, and the domains were blocked under a federal court order. The hackers intended to carry out cyberattacks on government officials, researchers, and human rights activists.
The hacker group was called Thallium. They tricked users into using Microsoft products and then hacked their domains to obtain sensitive information.
Tom Burt, Microsoft's vice president for customer trust and security, said: “This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information.” He further added: “Based on the victim’s information, the targets include government employees, university staff members, think tanks, members of the organization focused on world peace and human rights, and individuals that work on nuclear proliferation issues. Most of the targets were based in the USA, as well as Japan and South Korea.”
Microsoft has been tracking this group through its Digital Crimes Unit and Threat Intelligence Center. Following the investigation, the intelligence agency said that Thallium also sent spoofed emails to victims that appeared to come from Microsoft. The main purpose of these emails was to trick people into exposing their personal information and login credentials. This technique is known as phishing.
Burt further explained: “By gathering information about the targeted individual from social media, public personnel directories from the organization the individual is involved with and other public sources, Thallium can craft a personal spear-phishing email in a way that gives the email credibility to the target.”
Once the hackers obtain a victim’s information, they access the victim’s contact lists, calendar appointments, emails, and other information. In addition, the hackers use unique malicious software to access files saved on the victim’s computer.
According to Microsoft, this is the fourth hacking attack by a nation-state group that the corporation has acted upon. Before this, Iran, China, and Russia made similar hacking moves against Microsoft.