A few hours ago, Microsoft announced that they have taken legal action against Thallium (also known as APT37): a group of hackers that are supposedly based in North Korea.
Through a post blog, Microsoft suspects that Thallium operates from North Korea and that this group of hackers are behind attacks aimed at government workers, research centres or people working on nuclear proliferation issues.
According to Microsoft, most of the goals were in the United States, Japan and South Korea. They accuse this network of “infecting the computers” of the victims and thus “stealing sensitive information”.
“This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information”
Phishing pages and emails
The statement is signed by Tom Burt, vice president of trust and consumer safety at Microsoft. Burt announced that they have filed a lawsuit against this group before the U.S. District Court for the Eastern District of Virginia.
Microsoft claims that at least 50 domains were used to launch cyberattacks and US authorities. They granted the company a court order to take control of those domains.
Domains were used to send phishing emails and host phishing pages. Thallium hackers attracted victims to these websites stole their credentials and then gained access to internal networks, from where they escalated their attacks even more.
Like many cybercriminals and threat actors, Thallium typically attempts to trick victims through a technique known as spear phishing. By gathering information about the targeted individuals from social media, public personnel directories from organizations the individual is involved with and other public sources, Thallium is able to craft a personalized spear-phishing email in a way that gives the email credibility to the target
It is not the first time that Microsoft takes legal action against a group of hackers. At the entrance, Burt recalls that in the past they have taken action against Barium (of China), Strontium (Russia) and Phosphorus (Iran).
:%20a%20group%20of%20hackers%20that%20are%20supposedly%20based%20in%20North%20Korea.){kind=link}