Microsoft has reported that it has detected a wide network of cyberattacks originating from North Korea. The Thallium hacking campaign is against Windows users, and this time, the danger is a lot more personal.
The threat group behind these cyber-attacks is believed to be based in North Korea; Microsoft has named it “Thallium”, and it is also known as APT37. The hacking group appears to have been targeting government employees, university staff, and those working on nuclear proliferation issues, world peace and human rights. The majority of those targeted were based in the U.S., but Microsoft has confirmed that individuals in Japan and South Korea also found themselves in the hacking crosshairs.
Tom Burt confirmed the attacks in a December 30 posting. “On December 27, a U.S. district court unsealed documents detailing work Microsoft has performed to disrupt cyberattacks from a threat group we call Thallium,” Burt said. “In addition to targeting user credentials, Thallium also utilizes malware to compromise systems and steal data.” Many of these attacks were carried out to infect victims with malware such as KimJongRAT and BabyShark. Once that malware is successfully installed on a compromised Windows computer, it exfiltrates data. It also adopts a persistent attack strategy, waiting patiently in the background for further instructions from the hacking group.
Microsoft has announced that it successfully took down 50 web domains operated by the North Korea-based Thallium hacking group. “With this action, the sites can no longer be used to execute attacks,” Burt said.
However, Burt also declared that there is more to be done. “We think it’s critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet,” Burt said. “We also hope publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves.”
How can Windows users protect themselves from attack?
Windows users should take mitigation measures including enabling two-factor authentication (2FA) on all email accounts, both business and personal. Keeping an eye on your email forwarding rules is also recommended: an attacker who has got past your defenses will often add a rule that quietly sends a copy of every incoming mail to an address they control, and such a rule survives a password change unless it is found and removed. Microsoft itself has an excellent phishing awareness guide for users of Office 365. You might also want to read my tutorial on how to secure Microsoft Windows in eight easy steps.
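The forwarding-rule check above, as an added example that is not part of the original article or of Microsoft's guidance: a PowerShell audit for Office 365 tenants that lists mailbox-level forwarding and any inbox rule forwarding or redirecting mail outside the organisation. It assumes the ExchangeOnlineManagement module is installed, that the account running it can read recipient settings, and that `$internalDomains` (a constructed placeholder below) is replaced with your own accepted domains.

```powershell
# Added example: find attacker-style mail forwarding in Exchange Online.
# Assumes ExchangeOnlineManagement is installed and the caller can read
# mailbox and inbox-rule settings. The domain list is a placeholder.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$internalDomains = @('example.com')   # placeholder: your accepted domains

function Test-ExternalRecipient {
    param([string]$Address)
    if (-not $Address) { return $false }
    # Inbox-rule recipients look like: "Display Name" [SMTP:user@domain]
    if ($Address -match '([^\s<>:"\[\]]+@[^\s<>"\[\]]+)') {
        $domain = ($Matches[1] -split '@')[1].ToLower()
        return ($internalDomains -notcontains $domain)
    }
    return $false
}

$findings = @()
foreach ($mbx in (Get-Mailbox -ResultSize Unlimited)) {
    # 1. Mailbox-level forwarding: rare in normal use, so list every instance
    if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
        $findings += [pscustomobject]@{
            Mailbox  = $mbx.UserPrincipalName
            Kind     = 'MailboxForwarding'
            Target   = "$($mbx.ForwardingSmtpAddress) $($mbx.ForwardingAddress)".Trim()
            KeepCopy = $mbx.DeliverToMailboxAndForward
        }
    }
    # 2. User-created inbox rules that forward or redirect to external addresses
    $rules = Get-InboxRule -Mailbox $mbx.UserPrincipalName -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $targets  = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        $external = $targets | Where-Object { Test-ExternalRecipient ([string]$_) }
        if ($external) {
            $findings += [pscustomobject]@{
                Mailbox  = $mbx.UserPrincipalName
                Kind     = "InboxRule:$($rule.Name)"
                Target   = ($external -join '; ')
                KeepCopy = -not $rule.DeleteMessage   # copy left in mailbox?
            }
        }
    }
}
$findings | Sort-Object Mailbox | Format-Table -AutoSize
Disconnect-ExchangeOnline -Confirm:$false
```

A rule that redirects mail and also deletes it (KeepCopy false) hides the leak from the victim entirely, so review those first.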