
Microsoft takes down 50 North Korean hacker domains

by Eric Frederiksen, from Techreport

The holidays here in America mean that for a good, solid two weeks, nothing much happens. While we're on vacation, though, hackers are still hacking things. Microsoft announced this week that it has successfully taken down 50 web domains used by a hacking group backed by the North Korean government.

Microsoft's Digital Crimes Unit and Threat Intelligence Center (DCU and MSTIC respectively) had been monitoring the group, known as Thallium, for months. Finally, on December 18, the company filed a suit against Thallium. United States authorities granted Microsoft a court order shortly after Christmas to take down the 50-plus domains the group has been using as part of their attacks.

Thallium was using the domains to send spear-phishing emails and host phishing pages. Spear phishing is basically what it sounds like: a more targeted version of a phishing attack. The group would collect information about the individuals it wished to target through social media and other public means. Once they had enough info, they would use it to craft believable emails that would lead the victim to a fraudulent website.

The group was targeting "government employees, think tanks, university staff members, members of [human rights and world peace organizations], and individuals that work on nuclear proliferation issues," according to Tom Burt, Microsoft's Corporate VP of Customer Security and Trust. The targets were based in the US, Japan, and South Korea.

This isn't the first time


ZDNet notes that Microsoft has used this tactic before against Russian, Iranian, and Chinese groups. It's unclear whether Microsoft or some other organization assigns the group names; these other hacking groups have similar names like Strontium, Phosphorus, and Barium.

A move like this is ultimately temporary, but it sets the group back to square one and gives security firms a chance to examine their methods in depth. Combined with efforts like the move that took down an 850,000-computer botnet earlier this year, security researchers are making big moves against hackers.

The post Microsoft takes down 50 North Korean hacker domains appeared first on The Tech Report.
