Microsoft takes down 50 North Korean hacking sites

Court order gives control of cyberattack domains


Microsoft has successfully launched a court action to take control of fifty domains used for spear phishing attacks.

These attacks apparently came from a hacking group affiliated with North Korea, and collected user account details in order to both steal data and upload malware in an attempt to infect IT systems.

Spear phishing

The phishing emails were targeted at employees of governments and international agencies, as well as university staff, mostly based in the US, Japan, and North Korea. The spoof emails claimed that the user’s account was compromised, advising them to log in to change their account details.

Of course, the links went to domain names that attempted to look official in order to record the user account details. Once these were entered, hackers could use the login information to access the user’s official account. From there, they would not just access and copy user information, but also install malware in an attempt to infiltrate any IT systems the user had access to.

Additionally, the hackers were able to set up a command to copy any new emails sent to the user without the user realizing, and this kept working even when the account password had been changed.

According to Microsoft, the court action allowed Microsoft to take control of the fifty domain names used in the attack.

While this is presented as a victory against cyberattacks, domain names are cheap and it would be easy for the hacking group to simply copy their phishing attacks onto a new set of domains.

Additionally, users are reminded that if they ever receive an email claiming their account details have been compromised, they should NOT click on the links in the email, but instead visit the main website directly. Doing so avoids what is one of the most common, yet easiest to avoid, web attacks.

Via ZDNet.

Brian has over 30 years publishing experience as a writer and editor across a range of computing, technology, and marketing titles. He has been interviewed multiple times for the BBC and been a speaker at international conferences. His specialty on techradar is Software as a Service (SaaS) applications, covering everything from office suites to IT service tools. He is also a science fiction and fantasy author, published as Brian G Turner.
