Microsoft acts against North Korean hackers who targeted the United States - France 24

Washington (AFP)

Microsoft said Monday it had obtained a warrant from a court of law authorizing it to seize Internet domain names used by North Korean hacker groups to attack human rights defenders and other actors of American civil society. .

The American technology giant will be able to take control of 50 domains managed by Thallium, a group that has trapped Internet users by usurping Microsoft brands and attributes.

"The network infected victims' computers, compromised their online security and stole sensitive information," said Tom Burt, Microsoft vice president of consumer security.

"Their targets included government officials, think tanks and academics, members of peace and human rights organizations, and people working on nuclear proliferation issues. Most live in the United States , as well as in Japan and North Korea ".

Hackers gathered enough information about their victims to send them personalized emails, which seemed to come from Microsoft and incited them to reveal their identifiers, a technique called "spear phishing".

They had access to their emails, contacts, appointments and other information generally available in a mailbox. Microsoft's cyber security unit has also established that hackers use malware to recover data from computers.

The Virginia federal court decision allows Microsoft to take control of the affected domain names, "so that they can no longer be used to carry out attacks," said Tom Burt.

The Seattle firm said it was the fourth time it had taken action against a state-linked group, whose techniques resembled those used in operations from China, Russia and Iran ( baptized respectively Barium, Strontium and Phosphorus).

© 2019 AFP