
Microsoft has sued a cyber-espionage group with North Korean links, tracked as Thallium, for breaking into its customers' accounts and networks via spear-phishing attacks with the end goal of stealing sensitive information, as shown by a complaint unsealed on December 27. "To manage and direct Thallium, Defendants have established and operate a network of websites, domains, and computers on the Internet, which they use to target their victims, compromise their online accounts, infect their computing devices, compromise the security of their networks, and steal sensitive information from them," Microsoft's complaint says.

The lawsuit was filed by Microsoft on December 18 in the U.S. District Court for the Eastern District of Virginia, as first reported by Bloomberg Law's Blake Brittain. According to Microsoft, Thallium targets both public- and private-sector organizations and has previously been observed attacking "government employees, organizations and individuals that work on Nuclear Proliferation issues, think tanks, university staff members, members of organizations that attempt to maintain world peace, human rights organizations, as well as many other organizations and individuals."

The North Korean group is also believed to have been active since at least 2010, according to Redmond's complaint, and is known for spear-phishing attacks it runs through legitimate email services such as Gmail, Yahoo, and Hotmail. A list of 50 domains used by Thallium in its attacks is available in Appendix A of Microsoft's complaint against the group.

Netscout's ATLAS Security Engineering & Response Team (ASERT) also tracks one of the North Korean group's campaigns as STOLEN PENCIL. According to Netscout, the STOLEN PENCIL APT campaign has been targeting academic institutions since at least May 2018 with spear-phishing attacks aimed at stealing credentials.

Based on several shared resources, Palo Alto Networks' Unit42 also linked Thallium's STOLEN PENCIL campaign with a malware family dubbed BabyShark, delivered as part of a spear-phishing campaign focused "on gathering intelligence related to Northeast Asia's national security issues," starting in November 2018. "Well-crafted spear-phishing emails and decoys suggest that the threat actor is well aware of the targets, and also closely monitors related community events to gather the latest intelligence," Unit42 said.