Microsoft has taken over fifty domain names from hacker group APT37. This is linked to North Korea by security experts. The domains were used to carry out attacks on government employees in America, Japan and South Korea, among others.
Microsoft has sued the group, the company writes in a blog post. This gave Microsoft the right to take over the domain names of the group. These are websites that were used for spear phishing campaigns. The attackers sent targeted emails that seemed to be from Microsoft, with the m changed to r and n, for example. The malware that was spread in this way was intended to steal information from the systems. Microsoft says the victims were primarily civil servants, university staff, think tanks and human rights organizations.
The domains were part of attack campaigns of a group that calls Microsoft Thallium. That group is referred to as APT37 by other security experts, and is generally linked to the North Korean regime. The group was discovered by Microsoft’s Digital Crime Unit, and the Microsoft Threat Intelligence Center. The researchers would have been watching the groups for months. Microsoft researchers have often caught state hackers. Recently groups were out Russia and Iran stopped.
–
