Microsoft Shuts Down 50 Domains Used by North Korean Hacking Group

Published: 23/11/2024   Category: security




Thallium nation-state threat group used the domains to target mostly US victims.



Microsoft this week announced it had gained a court order to take control of 50 domains used by a threat group believed to operate out of North Korea.
The US District Court order effectively allowed Microsoft to shut down the domains, which had been used by the so-called Thallium hacking group to target government employees, think tanks, universities, and organizations associated with human rights work and nuclear proliferation — most of them in the US, but also some in Japan and South Korea.
Thallium employs spearphishing attacks, some of which purport to come from Microsoft, in order to fool the victims into giving up their email account credentials. According to Microsoft, Thallium typically sets up a mail-forwarding rule in the hacked email account that allows the attackers to receive the victim's emails, even when the victim changes his or her password.
The group is known for planting a backdoor known as BabyShark and KimJongRAT on the victim's machine.
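One way to check for the forwarding persistence described above, as an added example that is not from the original article or from Microsoft: the script scans audit records for forwarding set to outside addresses and notes whether the account's password was changed afterwards. The operation and parameter names follow Exchange cmdlets; the record layout, the `PasswordChange` event name, the internal-domain list, and all sample users and domains are assumptions constructed for illustration.

```python
import json

# Constructed sample records (one JSON object per line). The field layout is a
# simplified assumption modelled on mailbox audit entries; "PasswordChange" is a
# placeholder event name, and all users and domains are made up.
SAMPLE_LOG = """\
{"CreationTime":"2024-11-02T08:14:00","UserId":"alice@example.org","Operation":"New-InboxRule","Parameters":[{"Name":"Name","Value":"sync"},{"Name":"ForwardTo","Value":"archive@mail-relay.example.net"}]}
{"CreationTime":"2024-11-03T10:00:00","UserId":"bob@example.org","Operation":"New-InboxRule","Parameters":[{"Name":"Name","Value":"team"},{"Name":"ForwardTo","Value":"carol@example.org"}]}
{"CreationTime":"2024-11-05T09:30:00","UserId":"alice@example.org","Operation":"PasswordChange","Parameters":[]}
{"CreationTime":"2024-11-06T11:45:00","UserId":"dave@example.org","Operation":"Set-Mailbox","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:dave.backup@example.com"}]}
"""

INTERNAL_DOMAINS = {"example.org"}  # assumption: the organisation's own mail domains
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo", "ForwardingSmtpAddress"}


def external_targets(value):
    """Return the addresses in a forwarding parameter that leave the organisation."""
    targets = []
    for addr in value.split(";"):
        addr = addr.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[len("smtp:"):]
        if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            targets.append(addr)
    return targets


def find_external_forwarding(log_text):
    """Flag forwarding set to outside addresses; note later password changes."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    findings = []
    for rec in records:
        if rec["Operation"] not in RULE_OPS:
            continue
        targets = [t for p in rec["Parameters"] if p["Name"] in FORWARD_PARAMS
                   for t in external_targets(p["Value"])]
        if targets:
            # A password change after this point does not delete the rule, so
            # mail keeps flowing out until the rule itself is removed.
            later_pw = any(r["Operation"] == "PasswordChange"
                           and r["UserId"] == rec["UserId"]
                           and r["CreationTime"] > rec["CreationTime"] for r in records)
            findings.append({"user": rec["UserId"], "time": rec["CreationTime"],
                             "targets": targets, "password_changed_after": later_pw})
    return findings
```

A finding with `password_changed_after` set to true is an account where the reset alone did not cut off the forwarding, so the rule itself still needs to be reviewed and removed.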
The legal action by Microsoft follows previous such takedowns by the company of a Chinese nation-state group called Barium, a Russian nation-state group called Strontium, and an Iran-based group called Phosphorus.
"We think it's critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet," Tom Burt, corporate vice president of customer security and trust at Microsoft, wrote in a blog post today announcing the legal action.
