Microsoft Thwarts Spear Phishing Attack Believed to Originate From North Korea

By Paul Ausick

Microsoft Corp. (NASDAQ: MSFT) announced Monday that it had won a court order allowing the company to assume control of 50 domains used by a hacker group to attack targets in the United States, South Korea and Japan, among other nations. The group, known as Thallium, is believed to be based in North Korea and its targets included “government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues.”

The attacks, known as spear phishing, gathered personal user data from social media, public directories and other public sources and used the personal information to craft a realistic-looking email that directed recipients to a phony Microsoft website where users were tricked into providing personal information, including their usernames and passwords.

The hacker group then used the harvested data to gather more personal information. Thallium also used malware to compromise systems and steal user and corporate data.

According to the Microsoft blog post announcing the court order, this is the fourth nation-state hacker group against which the company has filed similar charges and taken down domain names:

Previous disruptions have targeted Barium, operating from China, Strontium, operating from Russia, and Phosphorus, operating from Iran. These actions have resulted in the takedown of hundreds of domains, the protection of thousands of victims and improved the security of the ecosystem.


In August of 2018, Microsoft shut down six domains associated with the Strontium attacker group, also known as Fancy Bear or APT28. The judge in the case concluded that there was “good cause” to believe that Strontium is “likely to continue” seeking to disrupt November 2018 U.S. elections. Microsoft shut down 84 websites associated with this group.

The attack associated with the Iran-based group known as Phosphorus (or APT 35, Charming Kitten and Ajax Security Team) resulted in an order allowing Microsoft to shut down 99 malicious websites.

