Microsoft (NASDAQ: MSFT) took heavy action against a North Korean hacking group that has been targeting Windows users by obtaining legal authority to seize 50 suspect websites in a large-scale effort to disrupt the group's hacking campaign.
Microsoft successfully obtained sanction from U.S. courts to take action against the hacking group, empowering the company's Digital Crimes Unit and Threat Intelligence Center to seize some 50 websites from the hackers. The websites bore deliberately misleading names, such as "hotrnall.com", which is intended to appear as "hotmail.com," or "office365-us.org", which is intended to appear like the website for Microsoft's Office365 product. "On December 27, a U.S. district court unsealed documents detailing work Microsoft has performed to disrupt cyberattacks from a threat group we call Thallium," said Tom Burt, Vice President of Customer Security. "In addition to targeting user credentials, Thallium also utilizes malware to compromise systems and steal data."
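The lookalike domains quoted above rely on two tricks: character sequences that render like a brand name ("rn" for "m" in "hotrnall.com") and a brand keyword embedded in an unrelated registrable domain ("office365-us.org"). The following Python is an added example of how a defender might flag such domains in mail or DNS logs; it is not Microsoft's own tooling, and the confusable table, the protected-domain list, the similarity threshold and the sample domains are all constructed for illustration.

```python
# Added example (not from the article): flag domains that imitate protected brands.
# Protected list, confusable table, threshold and sample inputs are assumptions.
from difflib import SequenceMatcher

# Sequences that render like another character in common fonts (assumed subset).
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l"}

# Brand domains we want to protect (constructed list for the example).
PROTECTED = ("hotmail.com", "microsoft.com", "office365.com", "outlook.com")
BRANDS = tuple(p.split(".")[0] for p in PROTECTED)

# Skeleton similarity at or above this ratio is reported as a near miss (assumed).
NEAR_MISS_THRESHOLD = 0.8


def registrable(domain):
    """Return the registrable part (last two labels) of a domain, lowercased."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def skeleton(label):
    """Collapse confusable sequences so 'rnicrosoft' becomes 'microsoft'."""
    s = label.lower()
    for seq, repl in CONFUSABLES.items():
        s = s.replace(seq, repl)
    return s


def classify(domain):
    """Classify one domain relative to the protected brands.

    Returns 'legitimate', 'homoglyph:<brand>', 'brand-keyword:<brand>',
    'near-miss:<brand>' or 'unrelated'.
    """
    reg = registrable(domain)
    if reg in PROTECTED:
        return "legitimate"
    name = reg.split(".")[0]
    sk = skeleton(name)
    best_brand, best_ratio = None, 0.0
    for brand in BRANDS:
        bsk = skeleton(brand)
        if sk == bsk:
            # Confusable substitution reproduces the brand exactly.
            return f"homoglyph:{brand}"
        if bsk in sk:
            # Brand embedded in a longer name, e.g. office365-us.org.
            return f"brand-keyword:{brand}"
        ratio = SequenceMatcher(None, sk, bsk).ratio()
        if ratio > best_ratio:
            best_brand, best_ratio = brand, ratio
    if best_ratio >= NEAR_MISS_THRESHOLD:
        # hotrnall.com -> 'hotmall', one letter away from 'hotmail'.
        return f"near-miss:{best_brand}"
    return "unrelated"


def scan(domains):
    """Return {domain: verdict} for every domain that is not legitimate or unrelated."""
    verdicts = {}
    for d in domains:
        verdict = classify(d)
        if verdict not in ("legitimate", "unrelated"):
            verdicts[d] = verdict
    return verdicts


if __name__ == "__main__":
    # Constructed sample: the two names quoted in the article plus controls.
    sample = ["hotrnall.com", "office365-us.org", "login.hotmail.com",
              "rnicrosoft.com", "example.org"]
    for domain, verdict in scan(sample).items():
        print(f"{domain:20} {verdict}")
```

The skeleton step runs on both sides of the comparison so that a brand containing digits is handled consistently, and the near-miss branch exists precisely because "hotrnall" collapses to "hotmall", not to "hotmail"; a pure homoglyph check would miss it. In practice the protected list would be drawn from an organization's own mail and SSO domains, and the verdicts fed into a mail gateway or SIEM rule rather than printed.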
The hacking campaign by Thallium, also known as APT37, has targeted Windows users, particularly government employees, university employees, and individuals working with agencies and organizations focused on issues such as nuclear proliferation, human rights, and preventing wars. The group used a method of target-specific phishing known as "spear-phishing", in which specific individuals are pursued rather than a large-scale campaign aimed at random recipients. Often, targets were identified using publicly available information. The hackers followed the typical phishing strategy of sending seemingly legitimate emails and tricking victims into giving away credentials and downloading malware. Once the malware is on a victim's computer, it transmits data back to the hackers, giving them access to the victim's email, calendars, instant messaging, contacts, and a litany of other personal data.
The countermove against Thallium is the fourth such action undertaken by the tech giant. Previously, the company had targeted hacking groups in China, Russia, and Iran. In every instance, Microsoft obtained legal authority from U.S. courts to carry out similar actions. Seizing the copycat websites disrupts the hackers' ability to obtain personal data by denying them the avenues they used to harvest credentials or trick victims into downloading malware.
Ultimately, the back and forth between tech companies and hacking groups has been an ongoing struggle. Despite advances in cybersecurity, hackers have kept pace, continually adapting their methods for obtaining credentials and personal data. Phishing is the most common tactic used by hackers; the widespread threat of phishing, however, has been the subject of public awareness and cybersecurity campaigns by Microsoft and its contemporaries, such as Facebook (NASDAQ: FB) and Google (NASDAQ: GOOGL).