Published in News

Microsoft takes out 50 North Korean hacking domains

by on31 December 2019

Thallium tracked for months

Microsoft announced today that it successfully took down 50 web domains previously used by a North Korean government-backed hacking group.

The OS maker said the 50 domains were used to launch cyberattacks by a group the company has been tracking as Thallium, also known as APT37.

Microsoft said the Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) teams have been monitoring Thallium for months, tracking the group's activities, and mapping its infrastructure.

On December 18, the Redmond-based company filed a lawsuit against Thallium in a Virginia court. Shortly after Christmas, US authorities granted Microsoft a court order, allowing the tech company to take over 50 domains that the North Korean hackers have been using as part of their attacks. The domains were used to send phishing emails and host phishing pages.

The domains were used to send phishing emails and host phishing pages to gain access to internal networks, from where they'd escalate their attacks even further.

Microsoft's  Corporate Vice President of Customer Security and Trust Tom Burt said: "Based on victim information, the targets included government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues."

Last modified on 31 December 2019
Rate this item
(1 Vote)

Read more about: