Microsoft takes action against hackers from North Korea
The security threat came from a group known as Thallium, which is reportedly based in North Korea. The group used a technique called ‘spear phishing’ to steal sensitive information: it replicated the form and design of a genuine Microsoft security email while embedding dangerous links that, when clicked, would allow the group to extract sensitive account information.
According to the Washington-based firm, the threat was focused on users affiliated with the government, universities, human rights groups, and other organizations, with most of the victims concentrated in the US, Japan, and South Korea.
The particularly dangerous part of the scheme is that once Thallium takes control of an account in this way, it can set up automatic forwarding that gives the group access to any new emails the victim receives, even after the password is reset.
The cybercrime group carried out this method using domains such as “rniscoroft.com”, which uses the combination of ‘r’ and ‘n’ to mimic the letter ‘m’ in the authentic Microsoft domain. In response, the Windows company filed a court case and was able to take control of 50 such domains in order to stop the attacks.
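Mail filters can screen sender domains for this trick. The following added example (not from Microsoft or from this article) folds look-alike sequences such as ‘rn’ back to the letter they imitate and then measures edit distance to a protected name; the confusable table, the `PROTECTED` set, the distance threshold and all function names are illustrative assumptions.

```python
# Added example: flag sender domains that imitate a protected brand name.
# The confusable table, threshold and PROTECTED set are illustrative assumptions.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))
PROTECTED = {"microsoft"}   # brand labels to defend (assumption)
MAX_DISTANCE = 3            # edit-distance tolerance after folding (assumption)


def fold(label: str) -> str:
    """Collapse look-alike character sequences to the letter they imitate."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_label(domain: str) -> str:
    """Label left of the TLD; a real deployment would use the Public Suffix List."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def is_lookalike(domain: str) -> bool:
    """True when the domain is not the genuine name but folds close to it."""
    label = brand_label(domain)
    if label in PROTECTED:
        return False  # the genuine name itself
    folded = fold(label)
    return any(levenshtein(folded, brand) <= MAX_DISTANCE for brand in PROTECTED)


if __name__ == "__main__":
    # Constructed sample: the genuine domain, the article's example, an unrelated one.
    for d in ("microsoft.com", "rniscoroft.com", "example.org"):
        print(d, is_lookalike(d))
```

Short brand names need a smaller threshold than the one assumed here, since a tolerance of three edits would match many unrelated labels.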
Microsoft states that this is the fourth nation-state cybercrime group it has taken legal action against. The security threat has hopefully now been neutralized, but users are advised to be wary of suspicious emails and always check carefully before clicking email links or entering sensitive information.