var _hmt = _hmt || []; (function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?d387e539c1f2d34f09a9afbac8032280"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s); })();

Dark Reading is part of the Informa Tech Division of Informa PLC

7x彩票网appThis site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

12/31/2019
10:00 AM
50%
50%

Microsoft Shuts Down 50 Domains Used by North Korean Hacking Group

'Thallium' nation-state threat group used the domains to target mostly US victims.

7x彩票网appMicrosoft this week announced it had gained a court order to take control of 50 domains used by a threat group believed to operate out of North Korea.

7x彩票网appThe US District Court order effectively allowed Microsoft to shut down the domains, which had been used by the so-called Thallium hacking group to target government employees, think tanks, universities, and organizations associated with human rights work and nuclear proliferation — most of them in the US, but also some in Japan and South Korea.

Thallium employs spearphishing attacks, some of which portend to come from Microsoft, in order to fool the victims into giving up their email account credentials. According to Microsoft, Thallium typically sets up a mail-forwarding rule in the hacked email account that allows the attackers to receive the victim's emails, even when the victim changes his or her password. 

The group is known for planting a backdoor known as BabyShark and KimJongRAT on the victim's machine.

The legal action by Microsoft follows previous such takedowns by the company of a Chinese nation-state group called Barium, a Russian nation-state group called Strontium, and an Iran-based group called Phosphorus.

"We think it's critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet," Tom Burt, corporate vice president of customer security and trust at Microsoft, wrote in blog post today announcing the legal action. 

7x彩票网appRead the full post . 

 

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "SIM Swapping Attacks: What They Are & How to Stop Them."

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Webcasts
More Webcasts
Reports
More Reports
Comments
Newest First  |  Oldest First  |  Threaded View
50%
50%
saigonnamphat,
User Rank: Apprentice
1/1/2020 | 11:40:22 PM
Re: Pending Review
OK
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
5 Common Errors That Allow Attackers to Go Undetected
Matt Middleton-Leal, General Manager and Chief Security Strategist, Netwrix,  2/12/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
7x彩票网app Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

PUBLISHED: 2020-02-18
Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file.

PUBLISHED: 2020-02-18
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.

PUBLISHED: 2020-02-18
IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies.

PUBLISHED: 2020-02-18
promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization.

PUBLISHED: 2020-02-18
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
66?????? 7072???? 7073???? 689????? 963???? 66????? 7073???? 7073???? 66???app 8????app