BeQuiet Jubiläum Banner 970x90
Breaking News

Ultimate Ears Launches New Editions of Award-Winning WONDERBOOM and HYPERBOOM Speakers Reach New Levels of Total Immersion with Logitech Chorus for Meta Quest 2 Lucky number Android 13: The latest features and updates CORSAIR Ushers in the New Era of AMD with Support for AMD Ryzen 7000 CPUs TEAMGROUP Announces MP44L M.2 PCIe 4.0 SSD with the Industry's First Heat Dissipating Graphene SSD Label for an Upgraded Cooling Performance

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Microsoft Takes Court Action Against North Korean Cybercrime Group

Microsoft Takes Court Action Against North Korean Cybercrime Group

Enterprise & IT Dec 31,2019 0

On December 27, a U.S. district court unsealed documents detailing work Microsoft has performed to disrupt cyberattacks from a threat group Microsoft calls Thallium, which is believed to operate from North Korea.

The court case against Thallium, filed in the U.S. District Court for the Eastern District of Virginia, resulted in a court order enabling Microsoft to take control of 50 domains that the group uses to conduct its operations. With this action, the sites can no longer be used to execute attacks.

Microsoft’s Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) have been tracking and gathering information on Thallium, monitoring the group’s activities to establish and operate a network of websites, domains and internet-connected computers. Microsoft said that the network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information. Based on victim information, the targets included government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues. Most targets were based in the U.S., as well as Japan and South Korea.

Like many cybercriminals and threat actors, Thallium typically attempts to trick victims through a technique known as spear phishing. By gathering information about the targeted individuals from social media, public personnel directories from organizations the individual is involved with and other public sources, Thallium is able to craft a personalized spear-phishing email in a way that gives the email credibility to the target. The content is designed to appear legitimate, but closer review shows that Thallium has spoofed the sender by combining the letters “r” and “n” to appear as the first letter “m” in “microsoft.com.”

The link in the email redirects the user to a website requesting the user’s account credentials. By tricking victims into clicking on the fraudulent links and providing their credentials, Thallium is then able to log into the victim’s account. Upon successful compromise of a victim account, Thallium can review emails, contact lists, calendar appointments and anything else of interest in the compromised account. Thallium often also creates a new mail forwarding rule in the victim’s account settings. This mail forwarding rule will forward all new emails received by the victim to Thallium-controlled accounts. By using forwarding rules, Thallium can continue to see email received by the victim, even after the victim’s account password is updated.

In addition to targeting user credentials, Thallium also utilizes malware to compromise systems and steal data. Once installed on a victim’s computer, this malware exfiltrates information from it, maintains a persistent presence and waits for further instructions. The Thallium threat actors have utilized known malware named “BabyShark” and “KimJongRAT.”

This is the fourth nation-state activity group against which Microsoft has filed similar legal actions to take down malicious domain infrastructure. Previous disruptions have targeted Barium, operating from China, Strontium, operating from Russia, and Phosphorus, operating from Iran.

Microsoft recommends, first, that you enable two-factor authentication on all business and personal email accounts. Second, learn how to spot phishing schemes and protect yourself from them. Third, enable security alerts about links and files from suspicious websites and carefully check your email forwarding rules for any suspicious activity.

Tags: cybercrimeCybersecurityCyber AttackMicrosoft
Previous Post
Huawei's Smartphones Sell Well, But Company Expects Difficulties in 2020
Next Post
Facebook Fined Over Cambridge Analytica Scandal Again

Related Posts

  • Samsung and Microsoft Partner to Bring The Xbox App to Samsung Gaming Hub

  • Apple, Google, and Microsoft commit to expanded support for FIDO standard

  • Microsoft to acquire Activision Blizzard to bring the joy and community of gaming to everyone, across every device

  • Introducing new Surface products, built for Windows 11

  • Introducing Windows 11

  • Microsoft announces Surface Laptop 4

  • Whats best for you MAC or PC?

  • Microsoft Introduces Surface Pro 7+

BeQuiet Jubiläum Banner 300x600

 

Latest News

Ultimate Ears Launches New Editions of Award-Winning WONDERBOOM and HYPERBOOM Speakers
Consumer Electronics

Ultimate Ears Launches New Editions of Award-Winning WONDERBOOM and HYPERBOOM Speakers

Reach New Levels of Total Immersion with Logitech Chorus for Meta Quest 2
Consumer Electronics

Reach New Levels of Total Immersion with Logitech Chorus for Meta Quest 2

Lucky number Android 13: The latest features and updates
Consumer Electronics

Lucky number Android 13: The latest features and updates

CORSAIR Ushers in the New Era of AMD with Support for AMD Ryzen 7000 CPUs
PC components

CORSAIR Ushers in the New Era of AMD with Support for AMD Ryzen 7000 CPUs

TEAMGROUP Announces MP44L M.2 PCIe 4.0 SSD with the Industry's First Heat Dissipating Graphene SSD Label for an Upgraded Cooling Performance
PC components

TEAMGROUP Announces MP44L M.2 PCIe 4.0 SSD with the Industry's First Heat Dissipating Graphene SSD Label for an Upgraded Cooling Performance

Popular Reviews

CeBIT 2005

CeBIT 2005

CeBIT 2006

CeBIT 2006

Zidoo Z9S 4K Media Player review

Zidoo Z9S 4K Media Player review

LiteOn iHBS112 review

LiteOn iHBS112 review

Club3D HD3850

Club3D HD3850

External USB Slim Recorders Comparison

External USB Slim Recorders Comparison

Pioneer BDR-2207 (BDR-207M) BDXL burner review

Pioneer BDR-2207 (BDR-207M) BDXL burner review

Crucial P1 NVMe 1TB SSD review

Crucial P1 NVMe 1TB SSD review

Main menu

  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed