Microsoft says North Korea-based hackers were stealing sensitive information

Key Points
  • Microsoft said on Monday it won a court order that allowed the tech giant to take control of 50 websites that a North Korea-linked hacking group was using to carry out cyberattacks.
  • The group called "Thallium," believed to be operating from North Korea, was using a technique known as spear phishing to trick its victims.
  • The group's targets included government employees, think tanks, university staff and individuals working on nuclear proliferation issues based mostly in the U.S., Japan, and South Korea.
Attendees walk past the logo of US multinational technology company Microsoft during the Web Summit in Lisbon on November 6, 2019. Europe's largest tech event Web Summit is held at Parque das Nacoes in Lisbon from November 4 to November 7.
PATRICIA DE MELO MOREIRA | AFP | Getty Images

Microsoft said on Monday it won a court order that allowed the tech giant to take control of 50 websites that a North Korea-linked hacking group was using to carry out cyberattacks.

The group called "Thallium," believed to be operating from North Korea, was using a technique known as spear phishing to trick its victims, Microsoft said in a blog post.

By gathering information about its targets from publicly available sources and social media, the group crafted personalized emails that looked credible. Those emails directed recipients to fraudulent websites that captured their account login details, giving the attackers access to the victims' email, contact lists and calendar appointments, according to Microsoft.

Thallium was also using malicious software to compromise systems and steal sensitive data.

The group's targets included government employees, think tanks, university staff and individuals working on nuclear proliferation issues. Most of them were based in the United States, Japan, and South Korea.

Microsoft said Thallium was the fourth nation-state hacking group against which it filed legal actions to take down the infrastructure they use to carry out cyberattacks.