Microsoft today announced that it has taken control of 50 domain names previously controlled by North Korean government-backed hackers, ZDNet reported. Microsoft says its Threat Intelligence Center and Digital Crime Unit (DCU) have spent months tracking the hacking group Thallium, also known as APT37, which used the 50 domain names to launch cyberattacks.
On December 18, Microsoft filed a lawsuit against Thallium in a Virginia court. Soon after, U.S. authorities granted Microsoft a court order allowing the technology company to take over more than 50 domain names. The hackers use these domains to send phishing emails and host phishing pages. Thallium hackers lure victims to these sites, steal their certificates, and then move into the internal network to escalate their attacks further.
In addition to tracking Thallium’s offensive operations, Microsoft also tracks infected hosts. According to victim information, the hackers targeted government employees in the United States, Japan and South Korea, think tanks, university staff, and staff working on nuclear research and development programs.