Microsoft Hijack’s 50 Domains Used by Thallium Hacker Group carder forum, carder shop

Microsoft takes control of the 50 domains used by North Korea based Thallium hacker group for breaking into customer accounts and network for stealing sensitive information.
The lawsuit was unsealed on December 27 in Virginia federal court, which states that Thallium targets Microsoft software users by mimicking the company.
Thallium hacker group targets Microsoft customers in both public and private sectors, business, as well as many organizations and individuals worldwide.
The group found to be active since 2010 and they specialized in launching targeted attacks, by identifying individuals associated with an organization based on the information available publically and through social media.
To compromise the victim the group employs spearphishing attacks, they craft personalized spear-phishing email appeared to be from reputable providers such as Gmail, Yahoo.
The email’s sent from the hacker group stating that “suspicious login activity was detected” and the email has a link embedded.
When the victim click’s on the link it takes to the domain controlled by the hacker group and it presents a copy of the login page.
If the victims provide login details in the copy of the login page then Thalium hacker group can gain access to the victim’s account settings and they can review emails, contact lists, calendar appointments and anything else of interest in the compromised account, said Tom Burt , Microsoft’s Corporate Vice President of Customer Security & Trust.
They also add an auto-forward rule in the victim’s Email account setting to get copies of the email received by the victim’s and they keep track of every activity.
To deceive the victims, Thallium redirects the victims to legitimate Microsoft website[.]com after the login credentials are entered on the fake page.
Here is the list of domains used by the Thallium hacker group according to the complaint .
The malware capable of stealing information from the victim’s machine and maintains a persistent presence and waits for instructions from the command and control server.
This is not the first time, Microsoft took legal action to take action to bring down the malicious domain infrastructure of the nation-state activity group.
carder forum carder shop