My TechDecisions

Network Security, News

Microsoft: North Korea Hackers Compromised Thousands of Accounts

Microsoft says hackers tied to North Korea have compromised thousands of accounts with an ongoing "spearphishing" campaign.

Leave a Comment

Sophos Cybersecurity Trends

Microsoft says two hackers tied to North Korea have hacked thousands of individuals in university, government, and other sectors. Microsoft said in a lawsuit against the supposed North Korea hackers that “John Doe 1” and “John Doe 2” run a cybertheft network called “Thallium.”

The complaint says these individuals “are engaged in breaking into the Microsoft accounts and computer networks of Microsoft’s customers and stealing highly sensitive information.”

“The precise identities and locations of those behind the activity are generally unknown but have been linked by many in the security community to North Korean hacking groups.”

More from a CBS report:

Thallium is a network of websites, domains and computers that the alleged hackers use to infiltrate Microsoft user accounts, according to the company.

Microsoft said a “spearphishing” technique is used to pry sensitive information from employees at think tanks as well as government officials working on nuclear proliferation issues.

Court documents filed by Microsoft show copies of emails that company officials believe were used by Thallium during phishing attacks. Microsoft is accusing Thallium of computer fraud, electronic privacy violations, trademark infringement and more.

In July, Microsoft notified 10,000 of its customers that they had been targeted by hackers in Russia, Iran and North Korea over the past 12 months.

How they did it & are you affected?

The CBS report cites the complaint, describing the cyber thieves’ methods:

  • they select one employee from an org who uses Microsoft and locates their email address
  • they contact said employee by using a Hotmail, Gmail, or Yahoo email address, claiming there was “suspicious login activity” on their Microsoft account
  • that email has a link the user is encouraged to click to fix the issue
  • the link connects their computer to a Thallium-controlled site, which logs, reviews, and strips IP addresses to access critical data

The best way to detect a breach is to have your cyber security provider troll the dark web for personal information tied to your company or org’s email.

Related: How To Be Better Prepared for Higher Ed Data Breaches

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Top 9 Reasons Enterprise IT Leaders Are Moving Their Video Surveillance to the Eagle Eye Cloud

Working in IT has enough challenges without adding in the complications of surveillance video. Things like total cost of maintenance, how the VMA m...

Using Live Chats and Chatbots to Increase Customer Engagement

There's a lot to consider when building out a chatbot experience to ensure that it delivers a seamless experience and meet your business goals.

Finding a New Balance

The shift to a hybrid work environment is a trend that has increased in popularity over many years. The COVID-19 pandemic has spurred this trend, f...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales