Thallium: Microsoft announced on December 30th, 2019 that it had taken control of 50 domains linked to the North Korean hacking group called Thallium. The domains were used in spear-phishing campaigns that tried to trick victims into clicking links leading to the malicious domains. In one case, the threat actor replaced the “m” in Microsoft[.]com with an “r” and an “n,” visually tricking users into thinking that they were going to the actual Microsoft domain. The main goal of the group is to compromise victims' online accounts, infect their computers, compromise the security of networks and steal sensitive information. Targets of this campaign included government employees, think tanks, university staff members, groups focused on human rights and individuals who work in the nuclear profession. The group used these techniques to steal account credentials using fake Microsoft login pages but would also deploy malware such as “BabyShark” and “KimJongRAT.”
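The look-alike trick described above (an “r” and an “n” standing in for “m”) can be checked for in hostnames taken from mail or proxy logs. The following Python code is an added example, not code from Microsoft or Binary Defense; it generalizes to a few other look-alike substitutions, and the confusables table beyond “rn”, the protected brand list and the sample hostnames are assumptions constructed for illustration.

```python
# Added example: flag hostnames that imitate a protected brand through
# look-alike character sequences (the page's case: "rn" standing in for "m").

# Assumption: a small illustrative table; only "rn" -> "m" comes from the page.
# Multi-character entries are listed first so they are applied first.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

# Assumption: brand labels the defender wants to protect (no TLD).
PROTECTED = ["microsoft", "office"]


def refang(host: str) -> str:
    """Undo '[.]' defanging and normalise case and trailing dot."""
    return host.replace("[.]", ".").strip().lower().rstrip(".")


def skeleton(label: str) -> str:
    """Collapse look-alike sequences so visually similar labels compare equal."""
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def find_lookalikes(hosts, protected=PROTECTED):
    """Return (host, brand) pairs where a label imitates, but is not, a brand."""
    # Skeletonise the brands too, so a brand that itself contains "rn" still matches.
    brand_skeletons = {skeleton(b): b for b in protected}
    hits = []
    for raw in hosts:
        host = refang(raw)
        for label in host.split("."):
            brand = brand_skeletons.get(skeleton(label))
            if brand is not None and label != brand:
                hits.append((host, brand))
                break  # one finding per hostname is enough
    return hits


# Constructed sample input, standing in for hostnames from proxy or mail logs.
SAMPLE_HOSTS = [
    "login.rnicrosoft[.]example",  # "rn" in place of "m"
    "www.microsoft.com",           # genuine label, must not be flagged
    "0ffice.example",              # digit zero in place of "o"
    "modern-widgets.example",      # contains "rn" but matches no brand
]

if __name__ == "__main__":
    for host, brand in find_lookalikes(SAMPLE_HOSTS):
        print(f"{host} imitates {brand}")
```

Exact skeleton matching only catches labels that are the brand once the substitutions are undone; labels that merely embed the brand inside a longer string need a separate rule.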