Microsoft Corp said on Monday, Dec. 30, it has taken control of web domains that were used by a hacking group called “Thallium” to steal information.
Thallium is believed to be operating from North Korea, Microsoft said in a blog post, and the hackers targeted government employees, think tanks, university staff members, and individuals working on nuclear proliferation issues, among others.
Thallium tricked victims through a technique known as “spear-phishing”, using credible-looking emails that appear legitimate at first glance.
Microsoft said it now has control of 50 web domains used by the group to conduct its operations, following a case filed against the hacking group in the U.S. District Court for the Eastern District of Virginia, and a subsequent court order.
Thallium also used malware to compromise systems and steal data, and is the fourth nation-state group against which Microsoft has taken legal action, the company said.