Microsoft has been hit by some pretty far-reaching hacks lately, but the most recent has the potential to be the worst yet. The company is suing a North Korean hacking group for stealing “highly sensitive information” from U.S. computers. The lawsuit was filed on December 18.
‘High-value’ computer networks were targeted — Thallium, a cybertheft operation out of North Korea, allegedly targeted government employees, university staff, think tanks, and members of nuclear proliferation and human rights groups. The exact number of users who may have been affected by the hack is still unclear. Thallium has been active since 2010, according to the lawsuit.
Spearphishing? — The lawsuit alleges that Thallium’s hackers seek to obtain sensitive information like passwords by using phishing emails that appear to be from reputable accounts — a technique known as “spearphishing.” The emails are often personalized with information from victims’ social media accounts, making them even more convincing. Most people affected were chosen because of their affiliations with specific organizations or the U.S. government.
BabyShark?! — Yes, apparently some of the malware distributed by the group is known as “BabyShark,” while another goes by the name “KimJongRat.”
The naming system may leave something to be desired, but the malware itself was successful in compromising systems and stealing data, as far as Microsoft is concerned. While the lack of hard data makes the hack sound minimal, Microsoft seems to believe its scope is highly dangerous. The company is asking anyone with Thallium-associated web domains to hand over control of the sites.