Posted on January 2, 2020 at 6:06 AM
Thallium, the North Korean hacking group also referred to as APT37, uses a large number of domains to carry out wide-scale cyberattacks. Microsoft recently announced that it had seized about 50 domains the group used to perpetrate its attacks. Thallium has been operating for several years and has relied on many such domains over that time.
From the reports gathered, Microsoft had been working on this issue for quite some time, but it kept its investigation under the radar until it could take control of these domains.
According to a statement made on the 27th of December by a U.S. district court, Microsoft had already been working on the case before it received the court's authorization to seize the domains.
Hackers target different backgrounds and regions
According to a blog post from Microsoft, the group targets people from many different backgrounds and geographical locations, but its main targets are based in South Korea, Japan, and the United States. The Microsoft Threat Intelligence Center (MSTIC) and Microsoft's Digital Crimes Unit (DCU) are the two units that have been working on the case.
In the post, Microsoft said that the attackers usually target university staff members, think tanks, government employees, members of organizations focused on human rights and world peace, and people working on nuclear power issues.
Attackers employed sophisticated mechanisms
Microsoft said the attackers used no ordinary phishing methods. They first gather information about their intended victims through open-source intelligence, then use that information to craft targeted lures that persuade the victims to do the hackers' bidding, a technique known as spear-phishing.
In a typical attack, the hacker produces a legitimate-looking email to deceive the user and asks them to carry out some simple task, such as clicking a link in the mail to claim an offer. The link leads to a page that requests the user's login credentials. Once the user enters them, the hacker gains access to the user's account and to any other accounts linked to those credentials.
The hackers also add a mail forwarding rule to the account so that copies of any incoming emails the user receives from then on are sent to the attackers. They do this silently, so the user may not even know that someone else is reading their mail, which leaves the user at the attackers' mercy once sensitive information arrives in the mailbox.
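The forwarding-rule persistence described above is one of the easier parts of such an intrusion to catch after the fact, because the rules are visible to mailbox administrators. The following is an added example, not code from Microsoft's post or from any of its tooling: it audits an exported list of mailbox forwarding settings and inbox rules and flags any that send mail outside the organization's own domains. The field names (`ForwardingSmtpAddress`, `DeliverToMailboxAndForward`, `ForwardTo`, `ForwardAsAttachmentTo`, `RedirectTo`, `DeleteMessage`, `Enabled`) mirror the Exchange Online `Get-Mailbox` and `Get-InboxRule` properties; the export format itself, the organization domains and the sample mailboxes are constructed for the example.

```python
"""Audit exported mailbox settings and inbox rules for external forwarding.

Assumption: the export is a list of mailbox records whose field names mirror
Exchange Online's Get-Mailbox / Get-InboxRule properties. The JSON shape and
all sample data below are constructed for this example.
"""
import re
from dataclasses import dataclass

# Exchange renders rule recipients as  "Display Name" [SMTP:user@domain]
# or as a bare address; mailbox-level forwarding uses "smtp:user@domain".
_SMTP_RE = re.compile(r"\[SMTP:([^\]]+)\]", re.IGNORECASE)


def normalize_address(value: str) -> str:
    """Reduce any of Exchange's recipient renderings to a lowercase address."""
    m = _SMTP_RE.search(value)
    addr = (m.group(1) if m else value).strip().lower()
    if addr.startswith("smtp:"):
        addr = addr[len("smtp:"):]
    return addr


def is_external(addr: str, org_domains) -> bool:
    """True when the address domain is not one the organization owns."""
    if "@" not in addr:
        return False  # a directory object without an SMTP domain is internal
    domain = addr.rsplit("@", 1)[1]
    return domain not in {d.lower() for d in org_domains}


@dataclass(frozen=True)
class Finding:
    mailbox: str
    source: str          # "mailbox-forwarding" or the name of the inbox rule
    destinations: tuple  # external addresses the mail is sent to
    deletes_original: bool

    @property
    def severity(self) -> str:
        # Forwarding that also removes the local copy hides itself from the owner.
        return "high" if self.deletes_original else "medium"


def audit_forwarding(export, org_domains):
    """Return one Finding per enabled forwarding path that leaves the organization."""
    findings = []
    for mbx in export:
        mailbox = mbx["Identity"].lower()
        fwd = mbx.get("ForwardingSmtpAddress")
        if fwd:
            addr = normalize_address(fwd)
            if is_external(addr, org_domains):
                keeps_copy = mbx.get("DeliverToMailboxAndForward", False)
                findings.append(Finding(mailbox, "mailbox-forwarding", (addr,), not keeps_copy))
        for rule in mbx.get("InboxRules", []):
            if not rule.get("Enabled", True):
                continue  # disabled rules do not move mail; audit them separately if desired
            dests = []
            for prop in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
                dests += [normalize_address(v) for v in (rule.get(prop) or [])]
            external = tuple(d for d in dests if is_external(d, org_domains))
            if external:
                findings.append(Finding(mailbox, rule["Name"], external,
                                        bool(rule.get("DeleteMessage", False))))
    return findings


ORG_DOMAINS = ("example.com", "example.net")

# Constructed sample export (not real data).
SAMPLE_EXPORT = [
    {   # benign: forwards invoices to a colleague inside the organization
        "Identity": "alice@example.com",
        "ForwardingSmtpAddress": None,
        "InboxRules": [
            {"Name": "Invoices to Bob", "Enabled": True,
             "ForwardTo": ['"Bob" [SMTP:bob@example.com]'], "DeleteMessage": False},
        ],
    },
    {   # suspicious: innocuous-looking rule that copies everything out and deletes it
        "Identity": "carol@example.com",
        "ForwardingSmtpAddress": None,
        "InboxRules": [
            {"Name": "Sync", "Enabled": True,
             "ForwardAsAttachmentTo": ['"carol" [SMTP:carol.backup@mail.example.org]'],
             "DeleteMessage": True},
            {"Name": "old", "Enabled": False,
             "RedirectTo": ["someone@mail.example.org"], "DeleteMessage": True},
        ],
    },
    {   # suspicious: mailbox-level forwarding with no local copy kept
        "Identity": "dave@example.net",
        "ForwardingSmtpAddress": "smtp:dave.archive@mail.example.org",
        "DeliverToMailboxAndForward": False,
        "InboxRules": [],
    },
]

if __name__ == "__main__":
    for f in audit_forwarding(SAMPLE_EXPORT, ORG_DOMAINS):
        print(f"[{f.severity}] {f.mailbox}: {f.source} -> {', '.join(f.destinations)}")
```

Run against the constructed sample, the script reports Carol's "Sync" rule and Dave's mailbox-level forwarding as high severity and ignores Alice's internal rule and Carol's disabled rule. In practice the export would come from the tenant's own administration tooling, and every flagged path deserves a review with the mailbox owner before it is removed.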
The group has also been found installing malware known as KimJongRAT and BabyShark on victims' computers to collect sensitive data. Unfortunately, this malware is very difficult to detect and block.
Microsoft committed to dealing with cyber attackers
This is not the first time Microsoft has gone all out to curb the activities of cyber attackers. Before this, the company had pursued three other groups: Phosphorus (from Iran), Strontium (which operates from Russia), and Barium (from China).
Microsoft's actions against these groups have helped to make the internet safer, but the attackers are not relenting and continue to look for other loopholes. Microsoft has advised users to always take basic security precautions when using the internet.