Microsoft has disabled dozens of websites that North Korean hackers used to steal personal information from Americans and others, the tech giant said.

A federal court order allowed Microsoft to take control of 50 domains that a hacker group known as “Thallium” used to launch cyberattacks on government workers, university staff, think tanks and other targets, the company said.

The group, which is believed to operate in North Korea, used a network of websites, computers and domains “to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information,” Microsoft said in a Monday blog post.

The company did not disclose how many people Thallium targeted, but it said the group used a tactic called “spear phishing” to snatch personal information from targets in the US, Japan and South Korea.


The hackers used publicly available information to identify targets whom they sent authentic-looking emails leading to a website that asked for the users’ account information, according to Microsoft.

The hackers could view the targets’ email messages, contacts and calendar appointments once they got the credentials, the company said. They also often set up victims’ accounts to forward new emails to Thallium accounts, giving hackers access to the targets’ messages even after they changed their passwords, Microsoft said.

Thallium also uses malware programs — with names such as “BabyShark” and “KimJongRAT” — to steal data from computers and compromise systems, according to the company.

Microsoft said Thallium is the fourth foreign hacking group that it has battled with legal action. The company has also gone after groups operating from Russia, China and Iran, according to the blog post.

Ref;nypost.com