Express Computer

North Korea hackers targeted think tanks, activists: Microsoft


Microsoft has revealed that a North Korea-linked hacker group has stolen sensitive personal information of government employees, think tanks, university staff members, members of organisations focused on world peace and human rights, as well as individuals who work on nuclear proliferation related issues.

Microsoft has now gained control of 50 domains that the group uses to conduct its operations, the company said. With this action, the sites can no longer be used to execute attacks.

A court case against the hacker group, called Thallium, filed in the US District Court for the Eastern District of Virginia, resulted in a court order enabling Microsoft to take control of the web domains, Microsoft Customer Security and Trust Vice President Tom Burt said in a blog post.

Microsoft’s Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) have been tracking and gathering information on Thallium, monitoring the group’s activities to establish and operate a network of websites, domains and Internet-connected computers.

This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information.

Most targets were based in the US, as well as Japan and South Korea, Burt said. Like many cybercriminals and threat actors, Thallium typically attempts to trick victims through a technique known as spear phishing.

By gathering information about the targeted individuals from social media, public personnel directories from organisations the individual is involved with and other public sources, Thallium is able to craft a personalised spear-phishing email in a way that gives the email credibility to the target.

The link in the email redirects the user to a website requesting the user’s account credentials. By tricking victims into clicking on the fraudulent links and providing their credentials, Thallium is then able to log into the victim’s account.

Upon successful compromise of a victim account, Thallium can review emails, contact lists, calendar appointments and anything else of interest in the compromised account. The hackers often also create a new mail forwarding rule in the victim’s account settings. This mail forwarding rule will forward all new emails received by the victim to Thallium-controlled accounts.

By using forwarding rules, Thallium can continue to see email received by the victim, even after the victim’s account password is updated.

“You can protect yourself from these types of attacks in at least three ways. We recommend, first, that you enable two-factor authentication on all business and personal email accounts,” Burt said.

“Second, learn how to spot phishing schemes and protect yourself from them. Third, enable security alerts about links and files from suspicious websites and carefully check your email forwarding rules for any suspicious activity,” he added.
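The forwarding-rule check can be automated for a whole organisation. The Python below is an added example, not code from Microsoft or from this article: it assumes the mailbox rules have already been exported as dicts shaped like Microsoft Graph `messageRule` objects, and the function names, sample rules and domains are constructed for illustration.

```python
# Assumption: each rule is a dict shaped like a Microsoft Graph `messageRule`
# object, already fetched and parsed; nothing here calls a network API.
FORWARDING_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")


def external_recipients(rule, internal_domains):
    """Return sorted (action, address) pairs that send mail outside the organisation."""
    internal = [d.lower() for d in internal_domains]
    actions = rule.get("actions") or {}
    hits = set()
    for action in FORWARDING_ACTIONS:
        for recipient in actions.get(action) or []:
            email = recipient.get("emailAddress") or {}
            address = (email.get("address") or "").strip().lower()
            domain = address.rpartition("@")[2]
            # An empty address is reported rather than trusted; subdomains count as internal.
            if not domain or not any(domain == d or domain.endswith("." + d) for d in internal):
                hits.add((action, address))
    return sorted(hits)


def audit_rules(rules, internal_domains):
    """Return one finding per rule that forwards or redirects mail externally."""
    findings = []
    for rule in rules:
        hits = external_recipients(rule, internal_domains)
        if hits:
            conditions = rule.get("conditions") or {}
            findings.append({
                "rule": rule.get("displayName", ""),
                "enabled": bool(rule.get("isEnabled", True)),
                "recipients": hits,
                # A rule with no conditions applies to every incoming message.
                "matches_all_mail": not any(conditions.values()),
            })
    return findings


# Constructed sample rules (not taken from the article or from a real mailbox).
SAMPLE_RULES = [
    {"displayName": "Team digest", "isEnabled": True,
     "conditions": {"subjectContains": ["digest"]},
     "actions": {"forwardTo": [{"emailAddress": {"address": "ops@mail.example.org"}}]}},
    {"displayName": ".", "isEnabled": True, "conditions": None,
     "actions": {"redirectTo": [{"emailAddress": {"address": "Archive@Mail-Backup.example"}}]}},
    {"displayName": "Old rule", "isEnabled": False,
     "actions": {"forwardTo": [{"emailAddress": {"address": "x@other.example"}}]}},
]
```

Calling `audit_rules(SAMPLE_RULES, ["example.org"])` reports the unconditional redirect and the disabled external forward, and passes the internal digest rule. Disabled rules are reported with `enabled` set to false so they can be reviewed and deleted rather than silently ignored.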
