North Korean hackers stole sensitive information from Microsoft users

For story suggestions or custom animation requests, contact [email protected] Visit http://archive.nextanimationstudio.com to view News Direct's complete archive of 3D news animations.

RESTRICTIONS: Broadcast: NO USE JAPAN, NO USE TAIWAN Digital: NO USE JAPAN, NO USE TAIWAN
Microsoft has filed a lawsuit against two anonymous North Korean hackers for stealing user information in a hacking operation called Thallium.

The hackers were using 50 domains as part of their cyber operation, according to ZDNet.

In the court documents for the lawsuit, which was filed on December 18, Microsoft explained that hackers would send spear phishing emails to users that pretended to be from a Microsoft Account Team.

The emails would include a link to a host phishing page that would encourage users to enter their account credentials. Once hackers gained access gained access to a users' account, they would be able to review user emails, contact lists and other information.

In addition, Microsoft said the hackers were able to use misleading domains to trick users into clicking links that would result in malware such as KimJongRAT and BabyShark, which are remote access trojans, being installed on a user's computer.

This type of malware is able to exfiltrate information and wait to receive additional commands from the hackers who installed it, ZDNet reports.

Most targeted users were based in the U.S., Japan and South Korea.

According to ZDNet, Microsoft has since been granted a court order by U.S. authorities to take over the 50 domains used by the North Korean hackers. The tech company has since taken those websites down.

Microsoft had previously notified 10,000 users in July that their accounts had been targeted by hackers from North Korea, Russia and Iran over the past 12 months, CBS News reports.

RUNDOWN SHOWS:
1. North Korean hacking operation against Microsoft users
2. How hackers gained access to user accounts
3. How hackers tricked users into downloaded malware
4. Where most targeted users were based

VOICEOVER (in English):
"Microsoft has filed a lawsuit against two anonymous North Korean hackers for stealing user information in a hacking operation called Thallium."

"According to ZDNet, the hackers were using 50 domains as part of their cyber operation."

"In the court documents for the lawsuit, which was filed on December 18, Microsoft explained that hackers would send spear phishing emails to users that pretended to be from a Microsoft Account Team."

"The emails would include a link to a host phishing page that would encourage users to enter their account credentials."

"Once hackers gained access gained access to a users' account, they would be able to review user emails, contact lists and other information."

"In addition, Microsoft said the hackers were able to use misleading domains to trick users into clicking links that would result in malware such as KimJongRAT and BabyShark, which are remote access trojans, being installed on a user's computer."

"ZDNet reports this type of malware is able to exfiltrate information and wait to receive additional commands from the hackers who installed it."

"Most targeted users were based in the U.S., Japan and South Korea."

SOURCES: CNN, ZDNet, CBS News, Microsoft v John Does
https://edition.cnn.com/2019/12/30/tech/microsoft-hackers-lawsuit-north-korea/index.html
https://www.zdnet.com/article/microsoft-takes-down-50-domains-operated-by-north-korean-hackers/
https://www.cbsnews.com/news/microsoft-says-hackers-linked-to-north-korea-tried-to-steal-customer-data/
https://www.scribd.com/document/441295185/Microsoft-v-John-Does