Microsoft says two hackers tied to North Korea have hacked thousands of individuals in university, government, and other sectors. Microsoft said in a lawsuit against the supposed North Korea hackers that “John Doe 1” and “John Doe 2” run a cybertheft network called “Thallium.”
The complaint says these individuals “are engaged in breaking into the Microsoft accounts and computer networks of Microsoft’s customers and stealing highly sensitive information.”
“The precise identities and locations of those behind the activity are generally unknown but have been linked by many in the security community to North Korean hacking groups.”
More from a CBS report:
Thallium is a network of websites, domains and computers that the alleged hackers use to infiltrate Microsoft user accounts, according to the company.
Microsoft said a “spearphishing” technique is used to pry sensitive information from employees at think tanks as well as government officials working on nuclear proliferation issues.
Court documents filed by Microsoft show copies of emails that company officials believe were used by Thallium during phishing attacks. Microsoft is accusing Thallium of computer fraud, electronic privacy violations, trademark infringement and more.
In July, Microsoft notified 10,000 of its customers that they had been targeted by hackers in Russia, Iran and North Korea over the past 12 months.
How they did it & are you affected?
The CBS report cites the complaint, describing the cyber thieves’ methods:
- they select one employee from an org that uses Microsoft and locate their email address
- they contact said employee by using a Hotmail, Gmail, or Yahoo email address, claiming there was “suspicious login activity” on their Microsoft account
- that email has a link the user is encouraged to click to fix the issue
- the link connects their computer to a Thallium-controlled site, which logs, reviews, and strips IP addresses to access critical data
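The lure described in the complaint (free-webmail sender posing as Microsoft, a "suspicious login activity" warning, a link to a non-Microsoft site) can be turned into a simple mail-triage check. The script below is an added example, not code from Microsoft or the CBS report; the sample messages, sender addresses and hostnames are constructed, and the webmail, lure-phrase and Microsoft-domain lists are assumptions a defender would tune to their own environment.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists derived from the lure in the complaint; extend as needed.
FREE_WEBMAIL = {"hotmail.com", "gmail.com", "yahoo.com"}
LURE_PHRASES = ("suspicious login activity", "unusual sign-in activity")
MICROSOFT_DOMAINS = ("microsoft.com", "live.com", "microsoftonline.com")
URL_RE = re.compile(r'https?://[^\s"<>]+')

def is_microsoft_host(host):
    """True if host is one of the assumed legitimate Microsoft domains."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in MICROSOFT_DOMAINS)

def triage(raw_message):
    """Return the list of phishing indicators matched by one RFC 822 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    indicators = []
    if domain in FREE_WEBMAIL:
        indicators.append("sender uses free webmail (%s)" % domain)
    if "microsoft" in name.lower() and not is_microsoft_host(domain):
        indicators.append("display name claims Microsoft, sender domain does not")
    if any(p in text for p in LURE_PHRASES):
        indicators.append("account-alert lure phrase in subject/body")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if not is_microsoft_host(host):
            indicators.append("link to non-Microsoft host %s" % host)
    return indicators

# Constructed sample messages (not real mail from the case).
PHISH = """From: "Microsoft Account Team" <account-security@hotmail.com>
To: analyst@thinktank.example
Subject: Suspicious login activity on your Microsoft account

We detected suspicious login activity. Review it here:
http://account-verify.example.net/login
"""
LEGIT = """From: "Microsoft account team" <noreply@accountprotection.microsoft.com>
To: analyst@thinktank.example
Subject: Your monthly summary

Manage your account at https://account.microsoft.com/
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, triage(raw))
```

Messages that hit two or more indicators are worth routing to an analyst; the link-host check in particular catches the Thallium-controlled site step regardless of wording changes in the lure.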
The best way to detect a breach is to have your cyber security provider troll the dark web for personal information tied to your company or org’s email.