Microsoft's digital crimes unit went to court to disable 50 domains controlled by this network, so they can't be used to execute attacks.
Microsoft filed a lawsuit against the group in a Virginia court on December 18, after which US authorities allowed the company to take down all 50 domains, which the North Korean hackers had been using to send phishing emails and host phishing pages in their attacks.
Thallium reportedly used a variety of spear-phishing attacks conducted via emails sent from the domains that have since been seized by Microsoft.
Based on victim information, the targets included government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues.
Microsoft recommends that its users enable two-factor authentication on all accounts, learn how to spot phishing schemes, enable security alerts about links and files from suspicious websites, and check email forwarding rules for suspicious activity.
Domains were used to send phishing emails and host phishing pages.
Once installed on a victim's computer, the malware steals information and maintains a "persistent presence", waiting for further instructions. "Most targets were based in the USA, as well as Japan and South Korea". In one example, Thallium spoofed the sender address by placing the letters "r" and "n" together so that they look like the "m" in "microsoft.com".
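A mail filter can catch this kind of look-alike sender by folding confusable letter sequences before comparing domains. The Python below is an added example, not code from Microsoft or from the original article; the protected-domain list, the fold pairs other than "rn", and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains to protect (constructed list, not from the article).
PROTECTED = {"microsoft.com", "office.com"}
# Look-alike sequences folded to one canonical form. "rn" -> "m" is the trick
# described above; the other pairs are added generalisations.
FOLDS = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Fold look-alike sequences so visually similar domains compare equal."""
    s = domain.lower().rstrip(".")
    for seq, canon in FOLDS:
        s = s.replace(seq, canon)
    return s


PROTECTED_SKELETONS = {skeleton(d): d for d in PROTECTED}


def sender_domain(from_header):
    """Return the domain part of the address in a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def lookalike_of(from_header):
    """Return the protected domain being imitated, or None."""
    labels = sender_domain(from_header).split(".")
    # Walk from the full name to the two-label tail, so a look-alike hidden
    # under a subdomain ("login.rnicrosoft.com") is still caught.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in PROTECTED:
            return None  # genuine protected domain or one of its subdomains
        hit = PROTECTED_SKELETONS.get(skeleton(candidate))
        if hit:
            return hit
    return None


# Constructed sample headers, for illustration only.
SAMPLES = [
    '"Microsoft account team" <account-security@rnicrosoft.com>',
    "Alerts <no-reply@mail.microsoft.com>",
    "Colleague <pat@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", lookalike_of(header))
```

Both sides of the comparison are folded, so a protected domain that legitimately contains "rn" still matches only itself and its imitations.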
The hackers also used deceptive websites to trick users into believing they were on legitimate Microsoft websites, and used email attachments to distribute malware.
To do so, the hacking group gathers information about the target from social media and public profiles.
The news advisory also said "previous disruptions have targeted Barium, operating from China, Strontium, operating from Russian Federation, and Phosphorus, operating from Iran".