US technology giant Microsoft said on Monday it received a court order which allows it to take down web domains used by North Korean hackers to carry out cyberattacks.
Microsoft said a federal court allowed it to seize 50 domains operated by a group called Thallium, which fooled online users by deceitfully using Microsoft brands and logos.
“This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information,” said Tom Burt, Microsoft’s vice president for customer security and trust.
“Based on victim information, the targets included government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues. Most targets were based in the US, as well as Japan and South Korea.”
Microsoft, which had been investigating the group for some time, said the hackers sent spoofed emails that appeared to come from Microsoft and deceived users into divulging their login credentials.
“By gathering information about the targeted individuals from social media, public personnel directories from organizations the individual is involved with and other public sources, Thallium is able to craft a personalized spear-phishing email in a way that gives the email credibility to the target,” Burt said.
After obtaining the victim’s credentials, the cyberthieves can access emails, contact lists, calendar appointments and other data, and often have any new emails forwarded to the attackers.
The hackers also used malicious software which can access other data on a victim’s computer.
An order from a US federal court in Virginia allowed Microsoft to take control of the domains, meaning “the sites can no longer be used to execute attacks,” Burt said.

 
