Microsoft has taken legal action against a North Korean cybercrime group called Thallium to prevent it from further attacking users.
A Virginia court issued an order allowing Microsoft to take control of the 50 domains used by Thallium to cyberattack users. Most of the victims were government workers, university staff members and employees of human rights organizations. Microsoft says that by taking over the sites, Thallium won’t be able to use them in future attacks.
The hackers posed as Microsoft through phishing emails and fake websites to steal users’ information and credentials. Thallium would send phishing emails to users that included malicious links, which would send users’ login information to the group. The hackers used several different malware including one called “BabyShark.”
Microsoft previously filed legal action against cybercrime groups operating in Russia, China and Iran.