Microsoft Takes Down 50 Domains Operated by North Korean Hackers (zdnet.com)

Microsoft announced today that it successfully took down 50 web domains previously used by a North Korean government-backed hacking group. From a report: The OS maker said the 50 domains were used to launch cyberattacks by a group the company has been tracking as Thallium (also known as APT37). Microsoft said the Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) teams have been monitoring Thallium for months, tracking the group's activities, and mapping its infrastructure. On December 18, the Redmond-based company filed a lawsuit against Thallium in a Virginia court. Shortly after Christmas, US authorities granted Microsoft a court order, allowing the tech company to take over 50 domains that the North Korean hackers have been using as part of their attacks. The domains were used to send phishing emails and host phishing pages.
  • My first thought after reading the summary and the article was that Microsoft launched some sort of network attack (fancy name: "cyberattack"). Then I thought maybe MS just changed the IP address mapping of the sites. Is Microsoft an Internet registrar or similar? If what Microsoft mainly did was to identify the malicious sites, then maybe the phrasing "had them taken down" would be just a bit more pedantic but much less ambiguous, leaving no doubt that a third party disabled the sites.
  • Why were domains given to a private company? Even if they were used for [insert unacceptable/illegal usage here], why was control of the domains given to anyone other than a government entity?

    • It seems likely that they were running some sort of zombie control servers targeting Windows and Microsoft wanted to send shutdown signals out.
    • Microsoft started this collaboration with the government in the mid-2000s because the government did not have the capability to take down these organized bots, often run by state actors or organized crime. The typical attack vector was also bootleg Windows XP machines that had been turned into zombie machines in a command and control malware network. In order to protect Microsoft customers and their computers as well as eliminate the threat, Microsoft required legal, operational, and technical capability to c

  • What possible standing does Microsoft have to interfere in a contract between two third parties?
    How does Microsoft have any standing in any court whatsoever with respect to any of the parties?
    Who appointed Microsoft to act as an agent for the Government?

    Is Microsoft now a Mercenary organization?
    How did Microsoft acquire the status of being a Private Police Force? By what authority?

    • Microsoft has no authority here; the court did. Microsoft filed suit against the company which they believed to be behaving illegally, the court agreed, which then provided Microsoft the legal ability to proceed. In reality it shouldn't be up to private companies to take action against the guys, the FBI and other law enforcement around the world should be doing it but clearly aren't (probably due to lack of adequate funding), so private enterprise steps up.
      • The FBI isn't willing to step up to do their job here because they've been infiltrated by the same international criminal organization that is doing the hacks in the first place. They get plenty of funding. What they get too much of is KGB influence.

        • I'm confused by your conspiracy theory. Are the Russians controlling both the president, and one of the government agencies that's been fucking with him for the last 4 years?
          • The FBI helped him at every turn until it became publicly apparent that they were violating their own charter to do so, then they backpedaled fast and hard while still feigning complete uselessness. It's easy to follow if you have a longer memory than the last 6 months.

      • Who gives a flying fuck what Microsoft "believes". That does not give them standing to take legal proceedings.

    • by Anonymous Coward

      > What possible standing does Microsoft have to interfere in a contract between two third parties?
      > How does Microsoft have any standing in any court whatsoever with respect to any of the parties?

      You witness person A stab person B. You report the crime of person A to the authorities.
      The exact same chain of events will play out:

      The government's district attorney will press charges against person A.
      Person B that was stabbed has no control over this process and is no longer involved.
      You who reported the crime have no control over this process and are no longer involved.

      In court it is the government vs person A.

      Here we have an illegal contract between a US based registrar company, and north korea.
      US bas

      • So what you are saying is that the article is wrong. Microsoft did not do any of the things claimed Microsoft did. Microsoft was just a witness in a proceeding? Sort of like John Whackbasket claiming to have put Al Capone in jail merely because Mr. Whackbasket was in the same city.

    • by slazzy ( 864185 )
      The phishing was probably to gain access to Microsoft accounts. So they would be acting to protect their own interest.
    • by clovis ( 4684 )

      As I understand it, the names given by the court to Microsoft were typo-squatting names. That is, they resembled the real "Microsoft.com", such as "Microsaft.com", or other common names, such as perhaps resembling some government entity name pretending to serve Microsoft security, such as "CIA-gov.com", warning you about your Microsoft account.

      ICANN and the courts have had a policy of taking typo-squatting names and granting ownership of these to the original host regardless of whether there is any criminal int

    • All good questions, but you're asking them about 30 years too late. They have everyone by the balls, now, and you all let it happen.

  • Doesn't say what the 50 domains actually were, but following through to the MSFT blog [microsoft.com], one that appears in the screenshot there is rnicrosoft . com ... but would be curious about the rest.

    Also the names of the malware BabyShark [paloaltonetworks.com] and KimJongRAT ... guessing those were not coined by the N. Koreans, though definitely their MO - macros in word processing software injected by phishing. They've been using the same bag of tricks for years.
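The "rnicrosoft . com" domain mentioned above, and the "Microsaft.com" style names discussed earlier in the thread, are the kind of lookalike a defender can flag automatically before a phishing email is ever opened. The following is an added example written for this page, not code from Microsoft, ZDNet or any commenter: it folds common homoglyph sequences (`rn` for `m`, `vv` for `w`, digits for letters), then compares the registrable label against a protected brand by exact match and by edit distance. The homoglyph table, the `PROTECTED_BRANDS` tuple and the simplified single-label suffix handling are assumptions for illustration; a production check would use a full confusables table and the Public Suffix List.

```python
# Added example (not from the Slashdot thread or the Microsoft blog):
# classify candidate domains that imitate a protected brand, the way
# "rnicrosoft.com" imitates "microsoft.com".

# Confusable sequences that render close to a letter in many fonts.
# Assumption for this example; not an exhaustive confusables list.
HOMOGLYPHS = {
    "rn": "m", "vv": "w",
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b",
}

# Assumption: the brand names this organisation defends.
PROTECTED_BRANDS = ("microsoft",)


def fold_homoglyphs(label: str) -> str:
    """Collapse confusable sequences so 'rnicr0s0ft' becomes 'microsoft'."""
    out = label.lower()
    # Replace longer sequences first so 'rn' is handled before any 1-char rule.
    for seq, repl in sorted(HOMOGLYPHS.items(), key=lambda kv: -len(kv[0])):
        out = out.replace(seq, repl)
    return out


def levenshtein(a: str, b: str) -> int:
    """Edit distance where insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Second-level label: 'login.rnicrosoft.com' -> 'rnicrosoft'.

    Simplification (assumption): the public suffix is a single label such
    as .com; multi-label suffixes like .co.uk would need a PSL lookup.
    """
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(domain: str, brands=PROTECTED_BRANDS) -> str:
    """Return a short verdict describing how `domain` relates to the brands."""
    label = registrable_label(domain)
    folded = fold_homoglyphs(label)
    for brand in brands:
        if label == brand:
            return "legitimate"
        if folded == brand:
            # Looks identical to the brand only after homoglyph folding.
            return f"homoglyph of {brand}"
        if levenshtein(folded, brand) == 1:
            # One keystroke away: classic typosquat such as 'microsaft'.
            return f"typosquat of {brand}"
        if brand in folded:
            # Brand embedded in a longer label, e.g. 'microsoft-security-alert'.
            return f"brand-in-label ({brand})"
    return "no match"


def scan(domains) -> dict:
    """Classify every domain in an iterable; returns {domain: verdict}."""
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    # Constructed sample input for demonstration; not real observed domains.
    sample = ["login.microsoft.com", "rnicrosoft.com", "microsaft.com",
              "microsoft-security-alert.com", "example.org"]
    for domain, verdict in scan(sample).items():
        print(f"{domain:32} {verdict}")
```

Running the block prints one verdict per constructed domain; in practice the `scan` function would be fed newly registered domains from a certificate-transparency or zone-file feed, and anything other than "legitimate" or "no match" would be queued for analyst review or added to a mail-gateway blocklist.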

  • ...the NK hackers will suffer for the setback? I wonder how many will be reeducated, sent to a concentration camp, or outright executed for their failure.

  • How to put a positive spin on Microsoft while at the same time trashing Americas current bogeyman. How about the geniuses at Microsoft making an OS that can't so easily be compromised.
    • Thanks for your insight, Ivan. Also: remind your trainers in Moscow that their trolling operations will be more convincing once they learn how to use apostrophes.
    • by clovis ( 4684 )

      These are phishing attacks. There is no indication that these attacks depend upon compromising the OS.

      • > These are phishing attacks. There is no indication that these attacks depend upon compromising the OS.

        Yea sure, opening an email attachment or clicking on a malicious link automatically leads to a compromised system on Macs and Linux and Android just like on Microsoft Windows ;]
