Microsoft pwns domains used by hackers for large-scale cyber attacks

Microsoft recently gained control of 50 domains that were allegedly being used by a North Korean black-hat hacking group known as Thallium (also tracked as APT37) to conduct large-scale cyberattacks.


The news became public on December 27, when a U.S. district court released details of the firm's work and of the order authorizing it to take down these domains.



The operation was the work of Microsoft's Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC). The targets were based primarily in the U.S., Japan and South Korea and came from a variety of backgrounds. According to Microsoft's blog post, they included:



“Government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues.”


The attacks were sophisticated: the group first gathered information on its targets using open-source intelligence, then lured them through spear-phishing.


Pictured below is one example shared by Microsoft: a convincingly legitimate-looking email crafted to trick the recipient. Clicking the button's link leads to a page that asks for login credentials, which lets Thallium compromise the user's account and view all of its associated activity.


[Image: example spear-phishing email shared by Microsoft]