Microsoft Seizes Web Domains From North Korea-linked Hacker Group

(RTTNews) - Microsoft said it has taken control of 50 web domains used by a hacker group called Thallium, believed to operate from North Korea.

In a blog post, the software giant said that in December, it filed a lawsuit in the U.S. District Court for the Eastern District of Virginia against a group of hackers who operated Thallium.

The court order enabled Microsoft to take control of the domains used by the group to conduct its operations. These sites can no longer be used by the hacking group.

Some of the domains operated by the hackers included copycat URLs such as "", "" and ""

According to Microsoft, Thallium is a network of websites, domains and internet-connected computers used by the hackers to break into the Microsoft accounts as well as computer networks of the company's customers and steal highly sensitive information.

Thallium targeted government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues. Most targets were based in the U.S., Japan and South Korea.

Thallium typically attempted to trick victims through a technique known as spear phishing.

After collecting information about the targeted individuals from social media, public personnel directories from organizations the individual was involved with and other public sources, Thallium crafted a personalized spear-phishing email in a way that gave the email credibility to the target.

In addition to targeting user credentials, Thallium also utilized malware named "BabyShark" and "KimJongRAT" to compromise systems and steal data from the victims' systems.

Thallium is the fourth nation-state activity group against which Microsoft filed legal actions, and follows similar moves against operations from China, Russia and Iran, known as Barium, Strontium and Phosphorus, respectively.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
