Microsoft filed a court case against a cybercrime group to disrupt its attacks on the public. The North Korea-based hackers used phishing emails and fake websites pretending to be the Windows maker to steal users’ credentials.
The US District Court for the Eastern District of Virginia unsealed documents on Dec. 27 in a case filed by Microsoft against a group called Thallium, according to a blog post by the company Monday. The court ordered the Redmond-based company to take control of 50 domains used for cyberattacks by the hackers.
Thallium used the technique known as spear phishing, sending personalized emails to trick recipients into clicking on links that would give the group access to their login info. From there, the group would review emails and have new emails automatically forwarded to them. The hackers also made use of the malware “BabyShark” and “KimJongRAT.” Most of the victims were based in the US, Japan and South Korea and tended to be government workers, think tank employees, university staff members, members of organizations focused on world peace and human rights, and individuals who work on nuclear proliferation issues.
This is the fourth nation-state activity group Microsoft has filed legal action against. It previously disrupted other groups operating in China, Russia and Iran.