Microsoft Corp. has successfully seized 50 domain names being used by a suspected North Korean hacking group as part of a broader campaign against cybercrime.
Spear phishing is not new, but where this story gets interesting is that at least some of the domains the group was using were aimed to look like Microsoft itself with slight variations. For example, one seized domain was rnicrosoft.com, the “rn” at the beginning of the domain looking somewhat like the letter m if a target didn’t look closely enough.
That domain name, along with the others, was set up to look like a legitimate Microsoft site, with users being asked to log in to their Microsoft.com accounts and Thallium stealing their credentials in the process. Once an account is compromised, the hacking group gains access to emails, contact lists and other things of interest, but it doesn’t stop there.
read more (silicon angel) or blog (Microsoft)
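Added example, not part of the original post or the linked articles: a small Python check that flags hostnames imitating a protected domain through look-alike character sequences such as the "rn" for "m" swap in rnicrosoft.com. The confusable table, the protected list and every sample hostname other than rnicrosoft.com are assumptions made for illustration.

```python
# Look-alike domain check (added example; tables below are illustrative assumptions).

# Multi-character sequences come first so "rn" is folded before single characters.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"),
               ("0", "o"), ("1", "l"), ("5", "s")]

PROTECTED = {"microsoft.com"}  # assumed list of domains the organisation owns


def skeleton(domain):
    """Fold visually confusable sequences into one canonical spelling."""
    s = domain.strip().rstrip(".").lower()
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s


# Protected domains are folded too, so a brand that itself contains "rn"
# still compares equal to its imitations.
PROTECTED_SKELETONS = {skeleton(d): d for d in PROTECTED}


def classify(hostname):
    """Return (verdict, matched_domain) for a hostname seen in mail or proxy logs."""
    labels = hostname.strip().rstrip(".").lower().split(".")
    # Every suffix with at least two labels, e.g. login.a.com -> login.a.com, a.com
    suffixes = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    for s in suffixes:
        if s in PROTECTED:  # exact match: the real domain or one of its subdomains
            return ("legitimate", s)
    for s in suffixes:
        brand = PROTECTED_SKELETONS.get(skeleton(s))
        if brand:  # same skeleton, different spelling: an imitation
            return ("lookalike", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample hostnames; only rnicrosoft.com comes from the article.
    for host in ["login.microsoft.com", "rnicrosoft.com",
                 "login.rnicrosoft.com", "micr0soft.com", "example.org"]:
        print(host, classify(host))
```

This only covers ASCII substitutions; internationalised (xn--) labels with Unicode homoglyphs need a fuller confusables table.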