Microsoft acquires 50 domain names from hacker group linked to North Korea


Microsoft has acquired fifty domain names from the hacker group APT37, which security experts link to North Korea. The domains were used to carry out attacks on government employees in America, Japan and South Korea, among others.

Microsoft has sued the group, the company writes in a blog post. The lawsuit gave Microsoft the right to take over the group's domain names, which were used for spearphishing campaigns. The attackers sent targeted emails that appeared to come from Microsoft, for example by replacing the letter m with an r followed by an n, a pair that reads as an m at a glance. The malware distributed in this way was intended to steal information from the victims' systems. Microsoft says the victims were mostly government officials, university employees, think tanks and human rights groups.
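A mail filter can catch the "rn" for "m" substitution described above by normalising each sender domain before comparing it with the brands it protects. The following Python sketch is an added example, not code from Microsoft or from the article; the protected brand list, the extra substitutions beyond "rn" and the sample addresses are assumptions constructed for illustration, and it generalises the check to a few other common lookalike characters.

```python
import re

# Brand labels to protect (assumption: chosen for this example).
PROTECTED = {"microsoft", "office", "outlook"}

# Lookalike sequences and the characters they imitate. "rn" -> "m" is the
# trick the article describes; the other entries are assumed extras.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(label):
    """Collapse lookalike sequences so 'rnicrosoft' becomes 'microsoft'."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def sender_domain(address):
    """Extract the domain from 'user@host' or 'Name <user@host>'."""
    return address.rsplit("@", 1)[-1].strip().strip(">").lower()


def lookalike_of(domain):
    """Return the protected brand a domain imitates, or None."""
    for label in domain.lower().split("."):
        for part in re.split(r"[-_]", label):
            if part in PROTECTED:
                continue  # exact brand spelling is not a lookalike
            if skeleton(part) in PROTECTED:
                return skeleton(part)
    return None


def flag_senders(addresses):
    """Return (address, imitated_brand) for every suspicious sender."""
    hits = []
    for address in addresses:
        brand = lookalike_of(sender_domain(address))
        if brand:
            hits.append((address, brand))
    return hits


# Constructed sample senders (not taken from the real campaign).
SAMPLE = [
    "Security Team <alerts@rnicrosoft.example>",
    "newsletter@microsoft.example",
    "helpdesk@0utlook-login.example",
    "editor@modern.example",
]

if __name__ == "__main__":
    for address, brand in flag_senders(SAMPLE):
        print(f"lookalike of {brand}: {address}")
```

A hit is a reason to quarantine or tag the message for review; it does not replace SPF, DKIM and DMARC checks on the sending domain.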

The domains were part of attack campaigns by a group Microsoft calls Thallium. Other security experts refer to that group as APT37, and it is generally linked to the North Korean regime. The group was discovered by Microsoft's Digital Crimes Unit and the Microsoft Threat Intelligence Center. The researchers reportedly monitored the group for months. Microsoft researchers have caught state hackers before. Recently, groups from Russia and Iran were stopped.
