Microsoft Hijack's 50 domains used by North Korea based Thallium hacker group for breaking into customer accounts and network for stealing sensitive information. Microsoft identified that Thalium uses 50 domains in its command and control infrastructure, some of the domains impersonate well-known companies such as Microsoft, Google, Yahoo, and Naver.
Thallium hacker group targets Microsoft customers in both public and private sectors, business, as well as many organizations and individuals worldwide.
The group found to be active since 2010 and they specialized in launching targeted attacks, by identifying individuals associated with an organization based on the information available publically and through social media.
To compromise the victim the group employs spearphishing attacks, they craft personalized spear-phishing email appeared to be from reputable providers such as Gmail, Yahoo.
Microsoft detailed a sample in which threat actors combined letter “r” and “n” to make it appear as “m” in “microsoft.com.”
In addition to stealing data, Thallium also deploys malware named “BabyShark” and “KimJongRAT” malware on the victim’s computer.
To Mitigate the Attacks
Enable two-factor authentication
Identify Phishing Emails
Enable security alerts about links and files
Read More:
To Read More About Spear Phishing :
#phishing #hackinggroup #malwareattack #spearphishing #cybersecurity #CyberSecurityNewsPodcast
0 Comments