Microsoft Sues North Korean Firm For Cybertheft

Microsoft is suing a mysterious North Korean hacking group called Thallium for allegedly stealing sensitive information, according to reports.

The suit targets two unnamed people who Microsoft claims work for Thallium. Microsoft alleges that those individuals engaged in a cybertheft operation that targeted high-value computer networks.

The hacking reportedly targeted groups and networks that contained information on nuclear proliferation and human rights.

According to the lawsuit, which was filed on Dec. 18 and was unveiled last week, Microsoft says Thallium has been active since 2010, and that the hacking group poses a threat “today and into the future.”

The complaint says Thallium allegedly used a technique called “spearphishing,” sending targets emails that appeared to come from legitimate Gmail, Hotmail or Yahoo accounts in order to obtain information from them.

Hackers may have also used information from targets’ social media pages to make their fake emails look particularly convincing. In addition, they asked for login information from targets, claiming that suspicious activity had been found on their accounts.

Targets were selected because of their proximity to certain organizations, businesses or the government. After gaining access to the users’ information, hackers might have looked at contact lists, calendar appointments and other information stored in Microsoft users’ accounts.

The complaint also describes incidents involving malware, identified under the names ‘BabyShark’ and ‘KimJongRAT,’ which compromised users’ systems and was used to steal data. The malware was distributed via links that appeared to be legitimate.

In the complaint, Microsoft asks that companies hosting websites for Thallium hand over control of the sites, and it seeks damages in an amount to be determined after a trial.

While the precise location of the hackers is unknown, the complaint says they are generally believed to operate in North Korea based on information obtained from the security community.

