Microsoft Seizes '' and Other Copycat Domains From North Korea-Linked Hackers

On Monday, Microsoft announced that it had taken control of 50 domains associated with hackers believed to be operating out of North Korea. Unsealed court documents show that the domains include “,” “,” and “,” among other copycat URLs.

In a blog post, the company said that the hacking group it called “Thallium” appeared to be targeting government employees, think tanks, and university staffers, as well as “members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues.” According to Microsoft, most of the group’s victims were based in the U.S., Japan, or South Korea.

Microsoft says Thallium used one of the oldest tricks in the book to steal account credentials and other information from its victims: phishing, that is, sending emails that trick recipients into visiting copycat versions of trusted websites. In March, security firm PhishLabs told Gizmodo that both phishing and spear phishing—a type of phishing that targets specific individuals and organizations—were on the rise.


Microsoft’s action against Thallium marks the company’s fourth use of the court system to seize domains from nation-state-linked hackers. In recent years, major tech firms like Google and Facebook have similarly tried to fight phishing, releasing tools to help prevent attacks.


As defenses against phishing become more sophisticated, however, so, too, do hackers’ tactics. Ultimately, there may be no way to completely protect your organization from phishing, but some simple practices—like double-checking URLs and using a password manager—can help mitigate the risk.