KEY POINTS

  • A lawsuit was filed by Microsoft against two unnamed members of a North Korean hacking group
  • The company alleged that they stole "highly sensitive information" 
  • The technology giant is also requesting compensation

A lawsuit has been filed by Microsoft against two unnamed members of a North Korean hacking group who allegedly stole "highly sensitive information" from U.S. computers. The suit describes the group, called Thallium, as a cybertheft operation that targets computer networks of high value. The lawsuit was filed on Dec. 18 in a federal court in Virginia.

Government employees, think tanks, or university staff were typical targets, but the Thallium group also went after networks that work on issues like nuclear proliferation and human rights. These are sensitive issues to North Korea and its leader Kim Jong Un, as well as to those who observe events in North Korea.

Microsoft claimed that Thallium “has been active since 2010, and it poses a threat today and into the future,” but it did not specify the total number of computers that were hacked. The technology giant is also requesting compensation for damages and asking that companies with domains associated with Thallium hand over control of the sites.

“Phishing” is a term described as “a type of online identity theft. It uses email and fraudulent websites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information”, according to Microsoft's Safety & Security Center.

Angling terms, with the “ph” replacing the “f”, are quite apt for describing the activity of hackers. Phishing can be compared to commercial fishermen using large nets to capture many fish, or to a single fisherman dangling bait on a hook to catch an unspecified single aquatic creature.

Fishermen using spears to target a specific type of fish are called spearfishers, hence the term “spearphishing” for phishing that targets an individual within an organization. This is what the Microsoft suit alleges that Thallium is up to. Another term, related to catching large aquatic mammals, is “whaling”, which targets CEOs, CFOs, and other executives, or the “big fish” of the targeted organization.

Spearphishing usually takes the form of a well-crafted email disguised as originating from a reputable account like Hotmail or Yahoo or a company like PayPal. The language of the emails includes terms like “suspicious activity” or “your account has been suspended due to unusual activity” to convince the recipient to respond.

Hackers will also use deceptive sites that mimic legitimate Microsoft websites, leaving the user one click away from malware infecting their devices and spreading among their co-workers. The complaint was specific, naming “BabyShark” and “KimJongRAT” as the malware used to “compromise systems and steal data from victim systems.”

The larger concern is that the information gleaned by the hackers, thought to be from North Korea, will end up aiding the Kim Jong Un regime.

Microsoft said it took over online domains used by North Korean hackers, in the fourth operation of its kind against a nation-state entity. GETTY IMAGES / Drew Angerer