Wednesday, 20 January 2021

North Korean hackers stole sensitive information - Microsoft

Duration: 01:25s

Microsoft says it has seized control of 50 sites used by a hacking group based in North Korea to steal sensitive information.

David Doyle reports.

Microsoft said on Monday (December 30) it had taken control of web domains used to steal sensitive information by what is believed to be a North Korean hacking operation.

In a blog post, Microsoft said the group, Thallium, had targeted government employees, thinktanks, university staff members and individuals working on nuclear proliferation issues, among others.

Most of the targets were based in the U.S., as well as Japan and South Korea.

Microsoft said Thallium had used "spear-phishing" - the technique of tricking people with credible-looking emails.

The tech giant provided a sample showing Thallium had spoofed email recipients by using the letters "r" and "n" to appear as the letter "m" in a microsoft.com email address.

When victims clicked on a link in the email, Microsoft said, they were prompted to provide account details - giving the hackers access to a range of information such as emails, contact lists and calendar appointments.

Thallium also allegedly used malware - named "BabyShark" and "KimJongRAT" - to compromise systems and steal data.

Microsoft obtained a court order to seize control of 50 sites used by the group to conduct its operations.

It's the fourth time Microsoft has taken legal action against a nation-state group - following similar cases against hackers Microsoft said were operating from China, Russia and Iran.
