
Microsoft seizes network of 50 domains from hacker group with ties to North Korea


Sylence


Microsoft said it got a court order to seize 50 websites used by a hacker group with ties to North Korea that targeted government employees, universities, human rights organizations and nuclear proliferation groups in the U.S., Japan and South Korea.

 


The group, known as Thallium, uses the network of websites, domains and connected computers to send out “spear phishing” emails. Hackers gather as much information on targets as they can to personalize messages and make them appear legitimate.

When the target clicks on a link in the email, hackers are then able to “compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information,” Microsoft wrote in a blog post.

Microsoft showed an example of one of Thallium’s spear phishing messages. It looks very much like a standard notification that comes with signing into a Microsoft account in a new location. One big difference, Microsoft says, is the group combined the letters “r” and “n” in the domain name to look like the first letter “m” in “microsoft.com.”

 

 


Microsoft, through its Digital Crimes Unit and Threat Intelligence Center, has positioned itself as an important line of defense against so-called “nation state” hacking organizations. Microsoft has in recent years taken on hacking groups with ties to China, Iran and Russia.

The tech giant uses the information it gathers from tracking these hackers to beef up its security products. Microsoft recommended a number of actions organizations can take to better protect themselves, including enabling two-factor authentication on business and personal email accounts, training people to spot phishing attempts and enabling security alerts about links and files from suspicious websites.

 

Source: MSN


What will it take APT37, a few days, to steal more domains? Malware campaign domains change at random anyway. It's just whack-a-mole.

 

Short version

  1. Domain names are hijacked with the intent to steal customers and customer data and to take out competitor websites. There is a lot of money to be made by extorting money from domain owners and website users. Fortunately, there are ways to deflect this type of security threat.
  2. Typosquatting is where hijackers register misspelt versions of your domain name to send the traffic to malicious sites. Register all possible versions of your domain name, including singular and plural versions, all common domain extensions, and hyphenated and non-hyphenated word compounds.
  3. Registrar hacking is a vulnerability all websites face. When a registrar is hacked, hackers have access to all domains in their database. Choose a domain name registrar with a solid reputation and sufficient security policies in place to avoid complications further down the line.
  4. Domain hijacking is a form of theft where someone gains unauthorized access to your domain account to take it offline or transfer it to another person. Often, they gain access by hacking the domain’s administrative email. Countermeasures such as domain privacy and protecting your domain control panel are some of the best ways to prevent this from happening.
  5. Domain phishing is a scam to trick email recipients into handing over their account details via links in emails posing as their registrar. The links forward unsuspecting domain owners to dodgy replica registrar websites looking to obtain sensitive information such as a domain account’s username and password. Be vigilant with emails to prevent falling prey to phishing.
  6. DNS attacks and cache poisoning are on the rise because people aren’t aware of the threat they pose to domains. DNS converts IP addresses to websites; when the DNS records are changed, visitors land on a different website. When too much traffic is sent to a DNS server, the server will crash, bringing the website down. Types of DNS attack vary from DNS spoofing, DNS amplification and DDoS to cache poisoning.

 

Source and long version here:

https://www.namecheap.com/security/domain-phishing-security-attacks-guide/
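The “rn” for “m” trick in Microsoft's example and the typosquatting item in the list above come down to the same defensive check: does a newly seen domain label imitate a brand label, either visually or by a small spelling change? The following Python classifier is an added example, not code from the article, from the forum poster or from Namecheap's guide. It collapses common confusable character sequences into the letter they imitate, then measures edit distance of each hyphen-separated component against a protected brand list. The brand list, the confusables table and the thresholds are assumptions chosen for illustration; the sample domains are the ones quoted in this thread (rnicrosoft.com, hotrnall.com, office356-us.org) plus two constructed controls.

```python
"""Lookalike-domain classifier.

Added example, not code from the article, the forum post or Namecheap's guide.
Two checks compose: (1) collapse confusable sequences such as "rn" -> "m" and
compare; (2) measure edit distance of each hyphen-separated component against
the protected brand labels. Brand list, confusable table and thresholds are
assumptions chosen for illustration.
"""
from __future__ import annotations

# Brand labels to protect (assumed list). The TLD is ignored on purpose:
# squatters register the same label under other extensions (.org, .info, ...).
PROTECTED_LABELS = {"microsoft", "hotmail", "office365"}

# Sequences that render like another character in common fonts, mapped to the
# character they imitate. ("rn", "m") is the substitution in Microsoft's example.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("1", "l"), ("0", "o")]

MAX_EDITS = 2       # edit-distance threshold for the typosquat check
MIN_COMPONENT = 4   # ignore very short components such as "us" in "office356-us"


def skeleton(label: str) -> str:
    """Collapse confusable sequences so 'rnicrosoft' and 'microsoft' compare equal."""
    s = label.lower()
    for seq, target in CONFUSABLES:
        s = s.replace(seq, target)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert / delete / substitute), iterative DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Second-to-last DNS label, e.g. 'rnicrosoft' for 'rnicrosoft.com'.

    Naive: fine for .com/.org/.info; a real deployment should use the Public
    Suffix List so that 'example.co.uk' yields 'example', not 'co'.
    """
    parts = domain.strip().lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(domain: str) -> tuple[str, str | None]:
    """Return (verdict, matched_brand).

    verdict is 'legitimate', 'homoglyph', 'typosquat' or 'no_match'.
    """
    label = registrable_label(domain)
    if label in PROTECTED_LABELS:
        return "legitimate", label
    # 1) Visual impersonation: identical once confusables are collapsed.
    for brand in PROTECTED_LABELS:
        if skeleton(label) == skeleton(brand):
            return "homoglyph", brand
    # 2) Typosquatting: a component within MAX_EDITS of a brand, measured on the
    #    skeletons so that "hotrnall" (-> "hotmall") is still caught as "hotmail".
    for brand in PROTECTED_LABELS:
        for component in label.split("-"):
            if len(component) < MIN_COMPONENT:
                continue
            if edit_distance(skeleton(component), skeleton(brand)) <= MAX_EDITS:
                return "typosquat", brand
    return "no_match", None


def scan(domains: list[str]) -> list[tuple[str, str, str | None]]:
    """Classify a batch, e.g. a newly-registered-domain feed, for analyst review."""
    return [(d,) + classify(d) for d in domains]


if __name__ == "__main__":
    # Sample input: domains quoted in this thread plus two constructed controls.
    SAMPLE = ["rnicrosoft.com", "hotrnall.com", "office356-us.org",
              "microsoft.com", "learn.com"]
    for domain, verdict, brand in scan(SAMPLE):
        print(f"{domain:20} {verdict:11} {brand or '-'}")
```

Running it flags rnicrosoft.com as a homoglyph of microsoft, hotrnall.com and office356-us.org as typosquats of hotmail and office365, and leaves microsoft.com and learn.com alone (learn.com shows that collapsing “rn” on its own does not produce a false positive; a brand must still match). In practice such a classifier is run over certificate transparency logs or a newly-registered-domain feed and its hits are fed to the mail gateway's link-warning rules, which is the “security alerts about links” control the article recommends.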

There's one group out there called Sea Turtle; they're so good at it they stole entire countries’ Internet domains.

https://www.thedailybeast.com/team-of-cyberspies-hacked-entire-countries-internet-domains

 

It's too late for them to do anything; they already have what they want. Microsoft doesn't have any pull in that country. NK celebrated New Year's by shooting off bombs they bought from hacking, and if it was the NSA, Microsoft would not say a word because they hold contracts with the Government. Every security team goes after rival state hackers. But only groups like WikiLeaks went after the NSA and CIA, and see where that got them: it got their founder put in jail.

11 minutes ago, steven36 said:

There's one group out there called Sea Turtle; they're so good at it they stole entire countries’ Internet domains.

https://www.thedailybeast.com/team-of-cyberspies-hacked-entire-countries-internet-domains

 

It's too late for them to do anything; they already have what they want. Microsoft doesn't have any pull in that country. NK celebrated New Year's by shooting off bombs they bought from hacking, and if it was the NSA, Microsoft would not say a word because they hold contracts with the Government. Every security team goes after rival state hackers. But only groups like WikiLeaks went after the NSA and CIA, and see where that got them: it got their founder put in jail.

 

Doesn't matter,

Like I said, they are at least doing something, so nothing is too late.

 

With your thinking, the US should just hand over their data to North Korea because everything is too late.

 

Also, most advanced countries have already separated their important infrastructure from the public Internet, like Russia, China and even Iran.

So in case the global Internet itself or the DNS servers get shut down for any reason, the country itself stands untouched.

 

Recently the Iranian government shut down international Internet access for a week, but all of the websites hosted inside the country and all of the important government websites, banks, online taxi services etc. kept working normally.

 

 

That's like they put Virgil Griffith, who taught North Korea how to use cryptocurrency and blockchain technology, in jail; it's too late, they already learned how to use it. The USA had their chance to stop NK after World War 2 and they didn't do it. People need to stop being fools and just delete spam emails when they see them. When they get someone to click on a spam email and it infects them and steals their stuff, that's not really hacking, no way; that's social engineering. People who don't even know how to hack can buy some malware on the darknet with cryptocurrency and trick people, because people are foolish enough to click on anything.

 

In my emails I don't use one from the USA; I never see any emails from anything I didn't sign up for or from people I don't know, because I'm careful who I sign up with. If it's a site I don't trust not to sell my email I use a junk mail. I guess hackers must be buying emails off the darknet or they would not have them to begin with? Or maybe they do like the CIA do and act like they're tech people wanting to buy data and get it from a legit source, who knows?

 

State spies don't care where the money comes from; it's like the CIA sold drugs to fund wars when they claimed it was a war on drugs in the USA. It's like they say there's a cyberwar; where are they getting the money for it? You're never sure if it was the NSA or CIA that attacked you, or if they hired some hackers to do it and the money to fund it came from crime.

In the USA things are very simple

 

Kaspersky is "banned", so it's clear agencies have access only to Norton

TikTok is "banned", and it's clear agencies have access only to WhatsApp and Facebook

 

If you are smart enough you can deduce the rest from here

 

2 hours ago, tivstip said:

In the USA things are very simple

 

Kaspersky is "banned", so it's clear agencies have access only to Norton

TikTok is "banned", and it's clear agencies have access only to WhatsApp and Facebook

 

If you are smart enough you can deduce the rest from here

 

 

Yeah, it's so silly; Kaspersky is the best antivirus and yet they don't let American companies use them only because of false lies and fake news.

9 hours ago, tivstip said:

In the USA things are very simple

 

Kaspersky is "banned", so it's clear agencies have access only to Norton

TikTok is "banned", and it's clear agencies have access only to WhatsApp and Facebook

 

If you are smart enough you can deduce the rest from here

 

WTF does this have to do with Microsoft going to court to shut down 50 URLs (“hotrnall.com”, “office356-us.org” and “mai1.info” domains) when the hackers will just make new ones in a few days? Besides, what you say is not true, no way. Kaspersky is only banned in the Government, and there is a reason for it too. There's a guy in jail now who worked for the NSA and took his work home, where he was using Kaspersky, and Russia got hold of some state secrets via his laptop; that's why it got banned in government. The courts let Eugene Kaspersky speak, but when it comes to national security they're not going to listen to a guy who was KGB. I don't even know if Kaspersky knew Russia had hacked them, but that's not the 1st time Kaspersky was hacked. Israel hacked Kaspersky in 2015 and stole info from Russia and gave some of it to the NSA. :lol:

 

As far as TikTok, that's not really been banned; there's no law on it, just some of the military stopped using it because they don't trust Chinese-made software.

 

That's not how that works, no way. They have a list of anti-malware products they can choose from, and Kaspersky is just not on the list anymore. As far as TikTok, it's nothing like Facebook and WhatsApp. It's more like YouTube; it's an annoying music video app that mostly only kids and teens use. If it was like Facebook no one would even use it, because billions of people already use Facebook.

 

Fact is, any antivirus can be hacked by any country. Israel proved that; also they sell tools to hack WhatsApp, Apple iPhones, etc. Anything can be hacked.

https://www.theregister.co.uk/2017/10/11/israel_russia_kaspersky/

 

The biggest problem is, if you live in the West, if they catch Russia doing something wrong your government will most likely protect you against it, but if they catch the NSA doing it I doubt they would protect you, because they have an alliance with the USA. In some cases even Russia and the USA work together when it benefits both parties when it comes to cyber security.

 

Anyway, the Kaspersky ban was downgraded in the USA.

Quote

When the ban was first imposed the pair said the company was identified as a real and present danger. These days they said a mere "potential" threat

 

But Kaspersky talked a lot of stuff back then, like they were going to be more transparent and were going to open up the source code, and nothing they said saw the light of day. Kaspersky Labs has an attribution problem: they showed zero evidence to the government of whether they did or did not know about the hacks. The way court works, to get off the blacklist you have to prove you meant no harm. Talk is cheap and only evidence matters, and they had none.

1 hour ago, Sylence said:

Kaspersky doesn't need to open source anything, neither do they need to prove anything to anyone. They have proved enough already, and those who should know already know it.

Kaspersky didn't prove anything, but they lie. No one asked Kaspersky to open up the source; that was their idea, they're the ones who said it. Don't say anything you don't mean, because that's a big problem with the Internet: it never forgets anything you say. It is online forever; even if it's deleted it may be backed up at some archive site, and most likely not all sites deleted your statement if you're a big company, even if you retracted it. Talk is not proving anything; you have to be able to back up what you say with proofs and actions. 1st lesson of the Internet: don't believe marketing hype. In this day and age every day a company says something that never comes to light 2 years later.

 

Some in my family bought Kaspersky for years because I used to recommend it to people that did not know much about computers. Me myself, I haven't used it since the 2000s, and I stopped recommending it in the 2010s. But I still think it's a better choice than Norton, but if you're going to pay there are better ones than Kaspersky; why use something that you're not sure about? The reason most people on warez boards use it is because it can be cracked easily. If it can be cracked easily, it can be hacked easily. Even NOD32 is hard to activate nowadays. If everyone can use a commercial product for free you have to question its security.

 

It's like people who act like they support Microsoft, who use pirated versions, who try to convince me, someone who paid Microsoft to use their stuff for 20 years, that I should use Windows 10. I think not; I can just use Linux LTS legally and not have to crack my OS to get a Windows that's worth using. I got rid of the free version of Windows 10 Microsoft gave me 611 days ago and I'm not using any cracked enterprise version. That just shows me Windows no longer has a consumer version worth using anymore, that they're really an enterprise software company now. The only way they can prove different is to start selling PCs to consumers again like they do to businesses nowadays. I'm a home user; I could care less what they sell to enterprise; they have to be able to give me, the consumer, a reason to buy again. Proofs and actions. The 1st thing you learn in business is the customer is always right, and they seem to have forgotten this; they think they can sell us what they want us to have and not what we want. :lmao:

 

But I really haven't used Kaspersky since the 2000s, 10 years ago.

3 hours ago, tivstip said:

Unhide the comment. Don't make me write again.

Brother, I hope you are just having a bad day! Please don't make it worse by making demands or challenging staff!!

Staff have hidden comments here because they are deemed inappropriate and would only further create more animosity between members; it's our job to maintain peace and order. But of course any decision made by staff can be questioned by PM to Admin @Matt; we are also answerable for all our actions just as you are.

Chill out, brother; none of this is really worth being upset or in trouble over.

Happy New Year. Good luck to you.

 

Unnecessary, Derogatory, Ineffective , Comment Removed.

 

19 hours ago, Sylence said:

@steven36 They didn't

We will open every door, check everything. We don’t have any secrets!

http://www.bbc.com/news/technology-41267221

 

 

 

:tooth:

 

Judge Kollar-Kotelly did just that, summarily tossing both Kaspersky claims with a single ruling that Uncle Sam is well within its powers to bar agencies from using Kaspersky's products.

 

In the first part of her decision, Kollar-Kotelly ruled that the NDAA does not run afoul of the Fifth Amendment as it does not meet the definition of an unconstitutional "bill of attainder."

 

"The NDAA does not inflict 'punishment' on Kaspersky Lab," the judgment read.

 

"It eliminates a perceived risk to the Nation’s cybersecurity and, in so doing, has the secondary effect of foreclosing one small source of revenue for a large multinational corporation."

 

 

In the second part of her decision, Kollar-Kotelly went on to find that because the NDAA was upheld and will go into effect later this year, BOD 17-01 would not cause any additional damage to Kaspersky – as agencies aren't going to buy its products with another ban looming – so that appeal was dismissed as well.

 

"Under these circumstances, it is completely implausible that any government entity would purchase a Kaspersky Lab product before October 1st," the judge reasoned.

 

Given the lack of evidence of wrongdoing by the company and the imputation of malicious cyber activity by nation-states to a private company, these decisions have broad implications for the global technology community."

 

Source: https://www.theregister.co.uk/2018/05/30/us_court_kaspersky_ban_appeal/

 

Kaspersky is all talk; they didn't have any evidence, so they lost their appeal.

 

The only thing Kaspersky did well was correctly ID US government malware when no one else did. But that malware was designed in a way that it didn't infect anyone but its target. But when Kaspersky is the target of government hacking, what they found before is no help. So either way I would not recommend it.

 

When NSA/CIA malware became a problem to the general public and not its targets, it was because a mole stole it and released its source code to black hats.

40 minutes ago, mkc21 said:

How come they bought domains from Microsoft?

 

They didn't. They bought this domain, rnicrosoft.com, which is similar to microsoft.com.

Notice “rn” looks like “m”.
