Microsoft helps shutter domains run by North Korean cybergang Thallium


A U.S. district court issued an order enabling Microsoft to take over 50 domains used by a North Korea-based cybercrime gang to conduct spear phishing campaigns.

Microsoft’s Digital Crimes Unit and the Microsoft Threat Intelligence Center took down the domains controlled by a group it named Thallium after researching the malicious actors’ activity and filing a report with the U.S. District Court for the Eastern District of Virginia, said Tom Burt, Microsoft’s corporate vice president, customer security and trust.

The court documents were unsealed on December 27 and detailed Microsoft’s work deciphering how Thallium, which is believed to be North Korean, operated its campaigns. The group, according to Burt’s report, did extensive online research to develop the information needed to properly socially engineer the spear phishing emails. Targets included government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues. Most of the targets were based in the U.S., as well as Japan and South Korea.

A phishing email would generally contain a message requesting that the individual click on an embedded link in order to correct an issue. Once the link is clicked, the victim is taken to a fraudulent site and asked to supply their login credentials, at which point Thallium has the ability to take over the account.

“Upon successful compromise of a victim account, Thallium can review emails, contact lists, calendar appointments and anything else of interest in the compromised account. Thallium often also creates a new mail forwarding rule in the victim’s account settings. This mail forwarding rule will forward all new emails received by the victim to Thallium-controlled accounts. By using forwarding rules, Thallium can continue to see email received by the victim, even after the victim’s account password is updated,” Burt said.

Thallium also used this access to plant the persistent, information-stealing malware BabyShark or KimJongRAT.
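Because the forwarding rule Burt describes survives a password change, responders need to audit mailbox rules as well as reset credentials. The following is an added example, not code from the article or from Microsoft: it flags enabled rules that forward or redirect mail outside the organisation. It assumes rules have been exported as dictionaries using the Exchange inbox-rule property names `ForwardTo`, `ForwardAsAttachmentTo` and `RedirectTo`; the `Mailbox` key and all sample data are constructed.

```python
import re

# Rule actions that send copies of mail elsewhere (Exchange inbox-rule property names).
FORWARD_ACTIONS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def is_internal(domain, internal_domains):
    """True if domain equals, or is a subdomain of, an organisation-owned domain."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)

def find_external_forwarding(rules, internal_domains):
    """Return (mailbox, rule name, action, address) for every enabled rule
    that forwards or redirects to an address outside internal_domains."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rule in rules:
        if not rule.get("Enabled", True):
            continue  # a disabled rule is not forwarding mail right now
        for action in FORWARD_ACTIONS:
            for target in rule.get(action) or []:
                for m in ADDR_RE.finditer(target):
                    if not is_internal(m.group(1), internal):
                        findings.append((rule["Mailbox"], rule["Name"],
                                         action, m.group(0).lower()))
    return findings

# Constructed sample export; mailboxes, rule names and addresses are invented.
SAMPLE_RULES = [
    {"Mailbox": "alice@example.org", "Name": "Newsletters", "Enabled": True,
     "ForwardTo": ["archive@mail.example.org"]},            # internal subdomain
    {"Mailbox": "bob@example.org", "Name": ".", "Enabled": True,
     "ForwardTo": ['"backup" [SMTP:bob.backup@mailbox.example.net]']},
    {"Mailbox": "carol@example.org", "Name": "old", "Enabled": False,
     "RedirectTo": ["carol@external.example.com"]},         # disabled, skipped
    {"Mailbox": "dave@example.org", "Name": "sync", "Enabled": True,
     "ForwardAsAttachmentTo": ["dave@example.org.example.net"]},  # lookalike domain
]

if __name__ == "__main__":
    for finding in find_external_forwarding(SAMPLE_RULES, ["example.org"]):
        print("external forwarding:", *finding)
```

Any hit on a mailbox that was phished should be treated as continued exposure until the rule is removed, regardless of whether the password has already been changed.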


