Microsoft says North Korean cyber espionage group stole sensitive information

Microsoft Corp stated in a blog entry posted yesterday that it has taken control of 50 web domains which were used by a cyber espionage and hacking group called “Thallium” to steal information.

This follows a case filed on the 18th of December in the US District Court for the Eastern District of Virginia against the hacking group, which is also known as APT37, and a subsequent post-Christmas court order.

Thallium is thought to be operating out of North Korea. The group targeted public sector employees, university staff members, various think tanks and individuals working on ‘hot’ topics such as nuclear proliferation using a technique known as “spear phishing”. This is where hackers use credible-looking email addresses that appear legitimate. Once the recipient of the email had clicked on a link, the hackers would steal the recipient’s credentials and thus gain access to any internal networks.

Thallium also used malware to compromise systems and steal data. It is now the fourth government-backed group against which Microsoft has taken legal action, the company said.

Most of the targets were based in the US, as well as South Korea and Japan.

The blog entry, posted by Tom Burt, Microsoft’s Corporate Vice President, Customer Security & Trust, can be found here.
