Microsoft Takes Control Of ‘Thallium’ Hacking Domains

Microsoft has scored a victory against a North Korean cybercrime group called “Thallium”, the company has revealed.

Redmond said that it had taken control of web domains used by Thallium to steal information.

The software giant has a history of taking on cybercrime and hacking groups through the courts. In August 2018, for example, it foiled a cyber attack that was targeting US conservative groups, when Microsoft security staff gained control of six net domains mimicking their websites.

Thallium takedown

But Microsoft has now been targeting a hacking group (Thallium) that is believed to be operating from North Korea.

This group of hackers has targeted government employees, think tanks, university staff members and individuals working on nuclear proliferation issues, mostly in the United States, Japan and South Korea.

But Microsoft has managed to seize control of the hackers’ web domains.

“On December 27, a US district court unsealed documents detailing work Microsoft has performed to disrupt cyberattacks from a threat group we call Thallium, which is believed to operate from North Korea,” said Redmond in a blog posting.

“Our court case against Thallium, filed in the US District Court for the Eastern District of Virginia, resulted in a court order enabling Microsoft to take control of 50 domains that the group uses to conduct its operations,” it said. “With this action, the sites can no longer be used to execute attacks.”

It seems that Microsoft’s Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) had been tracking and gathering information on Thallium, and monitoring its activities to map out its network of websites, domains and internet-connected computers.

Spear-phishing

“This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information,” said Microsoft.

“Based on victim information, the targets included government employees, think tanks, university staff members, members of organisations focused on world peace and human rights, and individuals that work on nuclear proliferation issues,” it added.

Thallium typically tricked its victims via spear-phishing attacks, drawing on social media to target individuals and create personalised spear-phishing emails that appeared credible.

Microsoft said it had taken control of 50 web domains used by the group to conduct its operations.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
