Microsoft takes down 50 North Korean hacking sites

Microsoft has successfully launched a court action to take control of fifty domains used for spear phishing attacks.

These attacks apparently came from a hacking group affiliated with North Korea, and collected user account details in order to both steal data and upload malware in an attempt to infect IT systems.

Spear phishing

The phishing emails were targeted at employees of governments and international agencies, as well as university staff, mostly based in the US, Japan, and North Korea. The spoof emails claimed that the user’s account was compromised, advising them to log in to change their account details.

Of course, the links went to domain names that attempted to look official in order to record the user account details. Once these were entered, hackers could use this login information to access the user’s official account. From there, they would not just access and copy user information, but also install malware in an attempt to infiltrate any IT systems the user had access to.

Additionally, the hackers were able to set up a command to copy any new emails sent to the user, without the user realizing, and this kept working even when the account password had been changed.

According to Microsoft, the court action allowed it to take control of the fifty domain names used in the attack.

While the takedown is presented as a victory against cyberattacks, domain names are cheap and it would be easy for the hacking group to simply copy their phishing attacks onto a new set of domains.

Additionally, users are reminded that if you ever receive an email claiming your account details have been compromised, DON’T click on the links in the email, but instead visit the main website directly in order to avoid what is one of the most common yet easiest to avoid web attacks.

Via ZDNet.
