Microsoft Says North Korea-Linked Hackers Stole Sensitive Information

Microsoft Says North Korea-Linked Hackers Stole Sensitive Information
The Microsoft sign is shown on top of the Microsoft Theatre in Los Angeles, Calif., on Oct. 19, 2018. Mike Blake/AP
Reuters
Updated:

Microsoft Corp said on Monday, Dec. 30, it has taken control of web domains that were used by a hacking group called “Thallium” to steal information.

Thallium is believed to be operating from North Korea, Microsoft said in a blog post, and the hackers targeted government employees, think tanks, university staff members, and individuals working on nuclear proliferation issues, among others.

Most of the targets were based in the United States, as well as Japan and South Korea, the company said.

Thallium tricked victims through a technique known as “spear-phishing”, using credible-looking emails that appear legitimate at first glance.

Microsoft said it now has control of 50 web domains used by the group to conduct its operations, following a case filed against the hacking group in the U.S. District Court for the Eastern District of Virginia, and a subsequent court order.

Thallium also used malware to compromise systems and steal data, and is the fourth nation-state group against which Microsoft has taken legal action, the company said.

By Ayanti Bera