Microsoft Takes Control Of ‘Thallium’ Hacking Domains

Microsoft has scored a victory against a North Korean cybercrime group called “Thallium”, the company has revealed.

Redmond said that it had taken control of web domains used by Thallium to steal information.

The software giant has a history of taking on cybercrime and hacking groups through the courts. In August 2018, for example, it foiled a cyber attack that was targeting US conservative groups, when Microsoft security staff gained control of six net domains mimicking their websites.

Thallium takedown

But Microsoft has now been targeting a hacking group (Thallium) that is believed to be operating from North Korea.

This group of hackers has targeted government employees, think tanks, university staff members and individuals working on nuclear proliferation issues, mostly in the United States, Japan and South Korea.

But Microsoft has managed to seize control of the hackers’ web domains.

“On December 27, a US district court unsealed documents detailing work Microsoft has performed to disrupt cyberattacks from a threat group we call Thallium, which is believed to operate from North Korea,” said Redmond in a blog posting.

“Our court case against Thallium, filed in the US District Court for the Eastern District of Virginia, resulted in a court order enabling Microsoft to take control of 50 domains that the group uses to conduct its operations,” it said. “With this action, the sites can no longer be used to execute attacks.”

It seems that Microsoft’s Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) had been tracking and gathering information on Thallium, and monitoring its activities to map out its network of websites, domains and internet-connected computers.

Spear-phishing

“This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information,” said Microsoft.

“Based on victim information, the targets included government employees, think tanks, university staff members, members of organisations focused on world peace and human rights, and individuals that work on nuclear proliferation issues,” it added.

Thallium typically tricked its victims via spear-phishing attacks, in which the hackers used information about targeted individuals from social media to create personalised emails that appeared credible.

Microsoft said it had taken control of 50 web domains used by the group to conduct its operations.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
