North Korea-linked group Thallium sued by Microsoft
Thallium, a cyber espionage group linked to North Korea, has been sued by Microsoft. The lawsuit accuses the group of breaking into Microsoft customers' accounts and systems by means of phishing attacks in which the attackers impersonated the company, according to a complaint unsealed on Dec. 27 in a U.S. federal district court in Virginia.
The group is accused of breaking into people's accounts to steal sensitive information. According to the complaint, the attackers trick Microsoft users into handing over their usernames and passwords.
The complaint alleges that Thallium targets employees of government institutions and human rights organizations, university staff, and people working on nuclear proliferation issues.
The Thallium APT group has been active since 2010. Microsoft found that the attackers ran their phishing campaigns through legitimate mail providers, including Gmail, Yahoo, and Hotmail.
In the lawsuit, Microsoft, as plaintiff, states that the defendants have built an Internet-based cyber theft operation referred to as "Thallium," through which they break into the accounts and computer systems of Microsoft's customers and steal sensitive data.
To manage and coordinate Thallium, the defendants have set up and operate a network of websites, domains, and computers on the Internet. They use this infrastructure to target victims, compromise their accounts, infect their devices, and steal sensitive data from them.
Thallium relies on victims clicking a malicious link embedded in a phishing message. The link appears to lead to a legitimate Microsoft domain: by building Microsoft domain names and trademarks into the link, the attackers lead people to believe it is genuine.
Thallium also uses malware to steal sensitive information from its targets. According to the complaint, two of the most common malware implants used by the group are tracked as 'BabyShark' and 'KimJongRAT.'
Microsoft says the group uses deceptive domains and Microsoft's trademarks to make people click the links, which leads to malware being installed on the victims' computers.
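The deceptive-link pattern the complaint describes, as an added defensive example that is not from the article or from Microsoft's filing: a small Python check that flags URLs carrying Microsoft brand strings in the hostname, path, query or user-info part without actually resolving to a Microsoft-controlled host. The allowlist, brand tokens and sample links are constructed assumptions for illustration, not indicators from the case.

```python
from urllib.parse import urlparse

# Constructed allowlist of domains Microsoft controls (assumption, for illustration only;
# a real deployment would use a vetted, complete list maintained by the organisation).
LEGITIMATE_DOMAINS = ("microsoft.com", "live.com", "outlook.com", "office.com", "hotmail.com")
# Brand strings whose appearance on an untrusted host is the lure the complaint describes.
BRAND_TOKENS = ("microsoft", "outlook", "office365", "hotmail")


def is_legitimate_host(host: str) -> bool:
    """True only if host is an allowlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGITIMATE_DOMAINS)


def classify_url(url: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a single URL."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    # .hostname drops any user@ prefix and :port, so 'microsoft.com@evil.example'
    # is judged on the real host 'evil.example', not on the decoy user-info.
    host = parsed.hostname or ""
    if is_legitimate_host(host):
        return "legitimate"
    # Brand names anywhere a reader might see them (host, path, query, user-info)
    # on a non-Microsoft host are the deceptive pattern.
    lure_surface = (host + parsed.path + parsed.query + (parsed.username or "")).lower()
    if any(token in lure_surface for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


def flag_lookalikes(urls):
    """Return the subset of urls that should be reviewed as trademark-abusing lookalikes."""
    return [u for u in urls if classify_url(u) == "lookalike"]


# Constructed sample links of the kinds a phishing message might carry (no real indicators).
SAMPLE_LINKS = [
    "https://login.microsoft.com/",
    "https://login.microsoft.com.account-verify.example/",
    "https://secure-mail.example/?redirect=https://outlook.com",
    "https://microsoft.com@mail-verify.example/login",
    "https://news.example/article",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_url(link):11} {link}")
```

Suffix matching on an allowlist (rather than substring matching on "microsoft") is what separates the real `login.microsoft.com` from `login.microsoft.com.account-verify.example`; a brand string in the path, query or user-info of any other host is treated as a lure.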
Once installed on a victim's computer, the malware harvests data from the infected machine and maintains persistence on it, waiting for further instructions from Thallium.
Bloomberg Law published a list of 50 domains used by Thallium in its espionage campaigns.
Thallium's activity has also been tracked by researchers at Netscout's ATLAS Security Engineering and Response Team (ASERT), who follow the group as STOLEN PENCIL.
ASERT observed cyber espionage activity aimed at academic institutions. Phishing messages carried a link to a site hosting a decoy document that lured users into installing a malicious Google Chrome extension. The victims were at several universities with significant expertise in biomedical engineering.
This is not the first lawsuit Microsoft has brought against a cyber espionage group. In July 2017 the company used a lawsuit to disrupt a large number of attack campaigns run by the notorious Fancy Bear APT group.