Microsoft has taken a big step by taking back control of over 50 domains that were used to execute cyberattacks. The attacks were reportedly attributed to a North Korean threat group called Thallium.
The news came to light when a U.S. district court unsealed documents detailing the work Microsoft had performed to disrupt Thallium's cyberattacks. As a result of the operation, the seized sites can no longer be used to execute attacks.
Thallium's activities were being monitored by Microsoft’s Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC). The threat group was using a network to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks, and steal sensitive information.
Microsoft says that the victims included think tanks, university staff members, government employees, and members of organizations focused on world peace and human rights. The victims also included individuals who had worked on nuclear proliferation issues. The report by Microsoft said that most of the targets were based in the U.S., Japan, and South Korea.
Microsoft’s blog recommends the following: “You can protect yourself from these types of attacks in at least three ways. We recommend, first, that you enable two-factor authentication on all business and personal email accounts. Second, learn how to spot phishing schemes and protect yourself from them. Third, enable security alerts about links and files from suspicious websites and carefully check your email forwarding rules for any suspicious activity.”