By Kevin Zhang
A federal court has granted Microsoft an order to take control of around 50 website domains allegedly used by a North Korean hacking group called Thallium to steal highly sensitive information from computers in the U.S.
Microsoft filed the lawsuit in federal court on December 18th against two unnamed individuals alleged to be members of Thallium. The lawsuit stated that the group used the domains to send phishing emails designed to break into users' Microsoft accounts and gain access to their information.
The documents state that Thallium impersonated Microsoft and made use of its brands, such as Office 365, to hack into the accounts.
Shortly after the filing, federal district court Judge Liam O’Grady granted a temporary restraining order barring Thallium from hacking Microsoft or its customers. He also ordered the hosting companies responsible for the 50 domains to transfer control of them to Microsoft for the time being.
The court gave Thallium’s representatives the opportunity to appear on January 3rd to argue against making the order permanent, though it is unknown whether Thallium will send anyone, or whether it has representatives at all.
“There is good cause to believe that if such conduct continues, irreparable harm will occur to Microsoft, Microsoft’s customers, and the public,” O’Grady wrote in the order.
The order can be counted as a victory in Microsoft’s campaign against hacking groups that it believes are backed by nation-states. As the maker of Windows, the most widely used desktop operating system, Microsoft has unusually broad visibility into how hacking groups around the world operate.
Microsoft has taken similar action against groups operating from, and backed by, China, Russia, and Iran. Tom Burt, the company’s vice president of customer security and trust, says he hopes Microsoft’s actions against these groups will raise other companies’ awareness of them.
Thallium used spearphishing: emails crafted for specific recipients and made to look as though they come from a trusted sender, in order to extract information such as account credentials from the victim. The hackers also used the same website domains to gain access to information and compromise systems.
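The practical defence against this kind of brand-impersonation spearphishing is to flag mail whose sender domain or display name borrows a Microsoft brand without coming from a Microsoft-owned domain. The script below is an added example written for this article; it is not Microsoft’s code and is not drawn from the court filings. The allowlist of legitimate domains is a short illustrative assumption, and every message and domain in SAMPLE_MESSAGES is constructed for the demo, not one of the domains named in the lawsuit.

```python
"""Flag e-mail senders that impersonate Microsoft brands.

Added example for this article; it is not Microsoft's code and not taken from
the court filings. SAMPLE_MESSAGES and every domain in them are constructed
for the demo and are not the domains named in the lawsuit.
"""
from email import message_from_string
from email.utils import parseaddr

# Assumption: a short illustrative allowlist of Microsoft sending domains.
# A real deployment would maintain its own, fuller list.
LEGIT_DOMAINS = {
    "microsoft.com", "office.com", "outlook.com", "live.com",
    "onedrive.com", "microsoftonline.com",
}
# Brand strings an attacker embeds in a lookalike domain or display name.
# Generic words like "office" and "live" are left out to limit false positives.
BRAND_TOKENS = ("microsoft", "office365", "office 365", "outlook", "onedrive")
MAX_EDIT_DISTANCE = 2


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of a hostname. Assumption: no multi-part public
    suffixes (co.uk etc.) in the input; use a public-suffix list in production."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_sender(raw_message: str) -> tuple:
    """Return (display_name, domain) from the From: header of an RFC 5322 message."""
    name, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    return name, domain


def classify_domain(host: str) -> str:
    """'legit' (allowlisted), 'lookalike' (brand token or typosquat), else 'unrelated'."""
    host = host.lower()
    reg = registrable(host)
    if reg in LEGIT_DOMAINS:
        return "legit"
    # Brand token anywhere in a host Microsoft does not own, e.g.
    # office365-verify.example or login.microsoft.com.attacker.example.
    if any(tok.replace(" ", "") in host for tok in BRAND_TOKENS):
        return "lookalike"
    # Typosquat / homoglyph: a few edits away from an allowlisted domain.
    # Caveat: short names like live.com make near neighbours fire; tune per site.
    if any(levenshtein(reg, legit) <= MAX_EDIT_DISTANCE for legit in LEGIT_DOMAINS):
        return "lookalike"
    return "unrelated"


def triage(raw_message: str) -> dict:
    """Combine the domain verdict with a brand-in-display-name check."""
    name, domain = parse_sender(raw_message)
    verdict = classify_domain(domain)
    brand_in_name = any(tok in name.lower() for tok in BRAND_TOKENS)
    return {
        "domain": domain,
        "verdict": verdict,
        # A brand name shown to the user while the mail comes from elsewhere.
        "display_name_spoof": brand_in_name and verdict != "legit",
    }


SAMPLE_MESSAGES = [  # constructed for this example
    "From: Office 365 Team <security@microsoft.com>\nSubject: Policy update\n\nbody",
    "From: Office 365 Support <noreply@office365-account-verify.example>\nSubject: Verify\n\nbody",
    "From: Account Team <alerts@rnicrosoft.com>\nSubject: Unusual sign-in\n\nbody",
    "From: Microsoft <it@login.microsoft.com.attacker.example>\nSubject: Password\n\nbody",
    "From: Alice <alice@example.org>\nSubject: Lunch\n\nbody",
]

if __name__ == "__main__":
    for raw in SAMPLE_MESSAGES:
        print(triage(raw))
```

Run stand-alone, the script prints one verdict per constructed message: the genuine microsoft.com sender is `legit`, the brand-in-domain, `rn`-for-`m` typosquat and brand-in-subdomain senders are `lookalike`, and the unrelated domain passes. The display-name check matters on its own: a mail from a `legit` domain that says "Office 365 Team" is normal, but the same display name over a non-Microsoft domain is the classic lure. Edit-distance matching over short allowlisted names produces false positives, so in practice the threshold and allowlist are tuned to the organisation’s own mail flow.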
The identities and locations of Thallium’s members are unknown, but the group’s activity has been traced to North Korea, and it is affiliated with North Korean hacking groups.
Thallium’s hackers targeted government employees, university staff, and human rights workers.
The lawsuit was unsealed on December 27th.