• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • COVID-19 Update
  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
Network Security, News

Microsoft Confirms Hacking Attacks By North Korean group

A hacking group called Thallium used spear phishing tactics to compromise Microsoft accounts, the tech giant confirms in unsealed court documents.

December 31, 2019 Zachary Comeau Leave a Comment

Microsoft hacking

Microsoft has confirmed a hacking attack against Microsoft users by a group believed to operate out of North Korea, the tech giant said in a blog post Monday.

The company said it is suing the hacking group, which it calls Thallium, in U.S. courts, and won a court order that enabled the company to take control of 50 domains the group used to conduct its hacking.

Microsoft said its Digital Crimes Unit and Threat Intelligence Center have been tracking and gathering information on Thallium, which included monitoring their activities to establish and operate a network of websites, domains and internet-connected computers.

The network was used to target government officials, think tanks, universities, world peace and human rights organizations and nuclear proliferation experts. Most attacks were focused on people in the U.S., but some were in Japan and South Korea, Microsoft said.

Thallium used a tactic called spear phishing, which entails gathering information about individuals from public sources like social media and staff lists to craft a personalized spear-phishing email designed to appear legitimate. For example, Thallium would send emails claiming to be from Microsoft, but the sending address was spoofed by combining the letters “r” and “n” to appear as the first letter in Microsoft’s domain.

The email contained a link that redirects a user to a website that requests account information, allowing Thallium to access their account, view emails, contact lists, appointment and other data. The group even created a new mail forwarding rule that forwarded all emails sent to the victim to Thallium-controlled accounts, allowing the group to access emails even after a password change.

Microsoft called Thallium the fourth known nation-state hacking group to face legal action. Previous groups operated out of China, Russia and Iran.

“These actions have resulted in the takedown of hundreds of domains, the protection of thousands of victims and improved the security of the ecosystem,” the company said in the post.

Microsoft recommends it users enable two-factor authentication on all accounts, learn how to spot phishing schemes and enable security alerts about links and files from suspicious websites and check email forwarding rules for suspicious activity.

Tagged With: Cyber Attacks

Related Content:

  • Avocor W Series 8 All-in-One Videoconferencing Displays That Make Meetings Easier
  • DTEN ONboard DTEN Launches ONboard for Zoom Whiteboard
  • GoTo Connect, GoTo Resolve GoTo Brings IT Helpdesk Support to GoTo Connect
  • Zoom macOS Update Zoom on macOS Devices Now

Free downloadable guide you may like:

  • Shadow ITBlueprint Series: How to Reduce Shadow IT

    The distributed work model gives employees the flexibility they demand, but it can lead to shadow IT and introduce unnecessary security risk. Research finds that this distributed work environment is leading to IT management blind spots and shadow IT.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Shadow IT
Blueprint Series: How to Reduce Shadow IT

The distributed work model gives employees the flexibility they demand, but it can lead to shadow IT and introduce unnecessary security risk. Resea...

Hybrid Work webinar
Featured Webcast: Collaboration 2.0 — Where Are We Now?

In this webinar, subject matter experts discuss the transformation of the workplace, the rise of hybrid workers, the importance of open connectivit...

guide to end user training cover
Pro Tips for Conducting End User Training

Effective trainings are the glue that can make the difference following a new technology implementation that your team has spent so much time, effo...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2022 Emerald X, LLC. All rights reserved.