Microsoft says North Korea-Linked Hackers Stole Sensitive Information

Microsoft

Microsoft Corp said on Monday it has taken control of web domains which were used by a hacking group called “Thallium” to steal information.

Thallium is believed to be operating from North Korea, Microsoft said in a blog post, and the hackers targeted government employees, think tanks, university staff members and individuals working on nuclear proliferation issues, among others.

Most of the targets were based in the United States, as well as Japan and South Korea, the company said.

Also read: CISOs Believe Dedicated Cyber Security Investment Is Still Not Prioritized

Thallium tricked victims through a technique known as “spear phishing”, using credible-looking emails that appear legitimate at first glance.

Microsoft said it now has control of 50 web domains used by the group to conduct its operations, following a case filed against the hacking group in the U.S. District Court for the Eastern District of Virginia, and a subsequent court order.

Thallium also used malware to compromise systems and steal data, and is the fourth nation-state group against which Microsoft has taken legal action, the company said.

Also read: 4 Cyber Security Predictions to Watch Out for in 2020