Microsoft has revealed that a hacking group called Thallium has stolen data using a method called spear phishing. Microsoft has filed a case against the North Korean hackers in the US District Court for the Eastern District of Virginia. Thallium is believed to be operating from North Korea.
According to Microsoft, the group used what is called spear phishing to get the sensitive information. This basically means using emails that look credible and often lead to a domain requesting personal information, such as an email that alerts the user to a sign-in attempt and asks him or her to confirm that attempt for security reasons.
In a screenshot Microsoft posted on its blog about this attack, we can clearly see that the email looks legitimate enough to fool many people. If you look closely at the letters marked in red in the photo, the attackers used the letters ‘r’ and ‘n’ together so that they appear to be an ‘m’, making it look as if the email was sent from Microsoft.
People would often click on emails like this and go on to review the activity by clicking the given link, which would obviously take them to a third-party site where they would be asked to enter their personal or sensitive information.
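The ‘r’ + ‘n’ trick described above can be checked for mechanically before a message reaches a user. The following is an added example, not code from Microsoft or from the original article: the trusted-domain list, the small lookalike table and the sample sender addresses are all constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the set of domains the organisation actually expects mail from.
TRUSTED_DOMAINS = {"microsoft.com"}

# Character sequences that imitate another letter in common fonts.
# A small illustrative table, not a complete confusables list.
LOOKALIKES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Collapse lookalike sequences so visually similar domains compare equal."""
    d = domain.lower().rstrip(".")
    for fake, real in LOOKALIKES:
        d = d.replace(fake, real)
    return d


def classify_sender(from_header):
    """Return 'trusted', 'lookalike:<trusted domain>' or 'unknown'."""
    # parseaddr strips the display name, which the sender fully controls.
    _, address = parseaddr(from_header)
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # Same skeleton but different spelling: the domain imitates a trusted one.
        if skeleton(domain) == skeleton(trusted):
            return "lookalike:" + trusted
    return "unknown"


if __name__ == "__main__":
    # Constructed sample From: headers, not taken from the real campaign.
    samples = [
        "Microsoft account team <alerts@microsoft.com>",
        "Microsoft account team <alerts@rnicrosoft.com>",
        "Newsletter <news@example.org>",
    ]
    for header in samples:
        print(f"{classify_sender(header):28} {header}")
```

A mail gateway or triage script can quarantine anything classified as a lookalike, since the display name alone gives no indication of the mismatch.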
According to Microsoft, most of the people targeted by Thallium, the North Korean hacking group, were “government employees, think tanks, university staff members and individuals working on nuclear proliferation issues.”
According to Microsoft, most of the targeted people were from the United States, but they also included people from Japan and South Korea.
Microsoft said that it has taken control of at least 50 web domains that the North Korean hacking group was using to carry out the attacks.
According to the company’s blog post, Thallium is the fourth nation-state group against which Microsoft has taken legal action.