Microsoft sees 50 North Korean phishing sites taken offline

Microsoft has taken control of fifty sites reportedly linked to cyberattacks originating from North Korea.

The Windows maker has been successful in a court bid to take down fifty domains used for spear phishing attacks that would both steal personal data and upload malware to infect IT systems.

The attacks apparently came from a hacking group known as Thallium, which has been accused of being affiliated with the North Korean government. 

The court action, filed in Virginia last month, came after both the US Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) teams finalised a long-term investigation into Thallium and its activities, which looked to target employees of governments and international agencies, as well as university staff, mostly based in the US, Japan and South Korea.

The spoof emails claimed that the user’s account was compromised, advising them to log in to change their account details - but clicking on a link that offered to do so would take the victim to a phishing site hosted on one of the malicious domains, which would look to steal personal login details.

The hackers were also able to set up a command to silently copy any new emails sent to the user without their knowledge, even if the account password had been changed.

Microsoft says that the court decision has now allowed it to take control of the fifty domain names used in the attacks, which have all now been removed.

Michael Moore
Michael Moore is News and Features Editor working across both ITProPortal and TechRadar Pro. He has worked as a technology journalist for more than five years, including spells at one of the UK's leading national newspapers. He is interested in hearing about all the latest news and developments across the Business IT world, and how companies are using new technology to help push forward their work and make their customers' lives easier.