Microsoft is suing a mysterious North Korean hacking group called Thallium for allegedly stealing sensitive information, according to reports.
The suit targets two unnamed people who Microsoft claims work for Thallium. Microsoft alleges that those individuals engaged in a cybertheft operation that targeted high-value computer networks.
The hacking reportedly targeted groups and networks that contained information on nuclear proliferation and human rights.
According to the lawsuit, which was filed on Dec. 18 and was unveiled last week, Microsoft says Thallium has been active since 2010, and that the hacking group poses a threat “today and into the future.”
The complaint says Thallium allegedly used a technique called “spearphishing,” which means they sought to gain information from parties via emails that looked like legitimate Gmail, Hotmail or Yahoo accounts.
Hackers may have also used information from targets’ social media pages to make their fake emails look particularly convincing. In addition, they asked for login information from targets, claiming that suspicious activity had been found on their accounts.
Targets were selected because of their proximity to certain organizations, businesses or the government. After gaining access to the users’ information, hackers might have looked at contact lists, calendar appointments and other information stored in Microsoft users’ accounts.
There were also incidents of malware being used, identified in the complaint under the names ‘BabyShark’ and ‘KimJongRAT,’ which compromised users’ systems and were used to steal data. The malware was distributed via links that looked to be legitimate.
In the complaint, Microsoft is asking companies that host websites for Thallium to hand over control of the sites, and they want to be paid for damages in an amount to be determined after a trial.
While the precise location of the hackers is unknown, the complaint says they are generally believed to operate in North Korea based on information obtained from the security community.