Sunday February 23, 2020

North Korea Hackers Target Think Tanks, Activists; Reveals Microsoft

By using forwarding rules, Thallium can continue to see email received by the victim, even after the victim's account password is updated

FILE - A sign for Microsoft is seen on a building in Cambridge, Massachusetts, March 18, 2017. VOA

Microsoft has revealed that a North Korea-linked hacker group has stolen the sensitive personal information of government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, as well as individuals who work on nuclear proliferation-related issues.

Microsoft has now gained control of 50 domains that the group uses to conduct its operations, the company said on Monday.

With this action, the sites can no longer be used to execute attacks.

A court case against the hacker group, called Thallium, filed in the US District Court for the Eastern District of Virginia, resulted in a court order enabling Microsoft to take control of the web domains, Microsoft Customer Security and Trust Vice President Tom Burt said in a blog post.

Microsoft’s Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) have been tracking and gathering information on Thallium, monitoring the group’s activities to establish and operate a network of websites, domains and Internet-connected computers.

This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information.

Most targets were based in the US, as well as Japan and South Korea, Burt said.

Like many cybercriminals and threat actors, Thallium typically attempts to trick victims through a technique known as spear phishing.

FILE – Microsoft Corp. signage is shown outside the Microsoft Visitor Center in Redmond, Wash. VOA

By gathering information about the targeted individuals from social media, public personnel directories from organizations the individual is involved with and other public sources, Thallium is able to craft a personalized spear-phishing email in a way that gives the email credibility to the target.

The link in the email redirects the user to a website requesting the user’s account credentials.

By tricking victims into clicking on the fraudulent links and providing their credentials, Thallium is then able to log into the victim’s account.

Upon successful compromise of a victim account, Thallium can review emails, contact lists, calendar appointments and anything else of interest in the compromised account.

The hackers often also create a new mail forwarding rule in the victim’s account settings. This mail forwarding rule will forward all new emails received by the victim to Thallium-controlled accounts.


By using forwarding rules, Thallium can continue to see email received by the victim, even after the victim’s account password is updated.

“You can protect yourself from these types of attacks in at least three ways. We recommend, first, that you enable two-factor authentication on all business and personal email accounts,” Burt said.

“Second, learn how to spot phishing schemes and protect yourself from them. Third, enable security alerts about links and files from suspicious websites and carefully check your email forwarding rules for any suspicious activity,” he added. (IANS)
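The forwarding-rule check recommended above can be automated. The following is an added example, not code from Microsoft or the original article: it audits a mailbox's inbox rules for forwarding to addresses outside the organization. It assumes the rules were exported as JSON in the shape of the Microsoft Graph `messageRule` resource; the sample rules, addresses and the `example.org` internal domain are constructed.

```python
import json

# Constructed sample: inbox rules for one mailbox, shaped like the Microsoft
# Graph messageRule resource (assumed export format, not data from the article).
SAMPLE_RULES = json.loads("""
[
  {"displayName": "Newsletters", "isEnabled": true,
   "conditions": {"senderContains": ["news@"]},
   "actions": {"moveToFolder": "folder-id-1"}},
  {"displayName": "Team copy", "isEnabled": true,
   "conditions": {"subjectContains": ["weekly report"]},
   "actions": {"forwardTo": [{"emailAddress": {"address": "Lead@Example.org"}}]}},
  {"displayName": ".", "isEnabled": true,
   "actions": {"redirectTo": [{"emailAddress": {"address": "drop@mail.example.net"}}],
               "delete": true}},
  {"displayName": "old", "isEnabled": false,
   "actions": {"forwardAsAttachmentTo": [{"emailAddress": {"address": "x@example.net"}}]}}
]
""")

# Rule actions that send a copy of incoming mail to another recipient.
FORWARD_ACTIONS = ("forwardTo", "redirectTo", "forwardAsAttachmentTo")

def audit_forwarding(rules, internal_domains):
    """Return one finding per rule that sends mail outside internal_domains."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rule in rules:
        actions = rule.get("actions") or {}
        external = sorted({
            r["emailAddress"]["address"].lower()
            for key in FORWARD_ACTIONS
            for r in actions.get(key) or []
            if r["emailAddress"]["address"].rpartition("@")[2].lower() not in internal
        })
        if not external:
            continue
        reasons = []
        if not rule.get("conditions"):
            reasons.append("no conditions: applies to all incoming mail")
        if actions.get("delete") or actions.get("permanentDelete"):
            reasons.append("deletes the original after forwarding")
        if not rule.get("isEnabled", True):
            reasons.append("currently disabled")  # still report: can be re-enabled
        findings.append({"rule": rule.get("displayName", ""),
                         "external": external, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_forwarding(SAMPLE_RULES, ["example.org"]):
        print(finding)
```

Because such a rule lives in the mailbox settings rather than depending on the password, a finding should be followed by removing the rule, not only by a password reset.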

Next Story

Microsoft Announces To Bring Antivirus Software “Defender ATP” To Android, iOS

It recently made its unified Office experience combining the Word, Excel and PowerPoint apps available for Android users worldwide

The decision to bring its Defender software to mobile devices reflects Microsoft's growing focus on smartphone products. Pixabay

Microsoft has announced that it will bring its antivirus software Defender Advanced Threat Protection (ATP) to iOS and Android.

“Defender ATP offers preventive protection, post-breach detection and automated investigation and response for Windows and macOS. Today we’re announcing support for Linux and plans for iOS and Android as well,” Ann Johnson, Microsoft Corporate Vice President, Cybersecurity Solutions Group, wrote in a blog post on Thursday.

The product is likely to help businesses prevent malware and phishing attacks, thereby helping employees to guard their usernames and passwords or other account information.

While the Microsoft blog post did not reveal the date or rollout of the product for mobiles, a report in CNBC said that it may be available later this year.

The decision to bring its Defender software to mobile devices reflects Microsoft’s growing focus on smartphone products.

Microsoft has announced that it will bring its antivirus software Defender Advanced Threat Protection (ATP) to iOS and Android. Pixabay

It recently made its unified Office experience combining the Word, Excel and PowerPoint apps available for Android users worldwide.

“Cybersecurity always comes down to people – good and bad. Our optimism is grounded in our belief in the potential for good people and technology to work in harmony to accomplish amazing things,” Johnson said in the blog post.


“After years of investment and engineering work, the data now shows that Microsoft is delivering on the potential of AI (Artificial Intelligence) to enable defenders to protect data and manage risk across the full breadth of their digital estates,” Johnson added. (IANS)