North Korea Accused of Attacking Windows Users
Microsoft has warned users to pay particularly close attention to emails that appear to come from "microsoft.com". A simple trick involving spelling was the key to a security attack that Microsoft believes was instigated by North Korea.
A US court has given Microsoft legal control of 50 web domains it says were used to carry out cyber attacks on Windows users. It's said to be the work of a group dubbed Thallium operating out of North Korea.
Microsoft says the attacks were targeted at "government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues." (Source: microsoft.com)
Social Media Used For Targeting
The attacks involved something called "spear phishing." That's a variant on the familiar tactic of sending messages that appear to come from a trusted source to trick recipients into opening an attachment, then clicking a link or handing over sensitive data. The end goal is to use malware to gain access to, and even control of, the victim's computers.
"Spear" refers to the attackers not simply spamming as many people as possible and playing the numbers game, but rather specifically targeting users in particular groups. That may have involved using social media or even staff directories. (Source: forbes.com)
In this case the bogus messages claimed somebody had tried to sign in to the user's account and that Microsoft itself was contacting the user as a security check. One variant of the message invited users to click a link to review their recent web activity.
Misspelling Overcomes Skepticism
The trick which appears to have worked comparatively well involves the sender's address. Often phishing attacks rely on spoofing the displayed sender's name and hoping the victim doesn't look closely at the details in their email software or service, which often reveal the actual address from which the message came.
The attackers were able to send the messages from an address at "rnicrosoft.com." That may be clear for many readers on Infopackets, but in some email applications and with some type settings, it's not obvious at first glance that the "rnicrosoft" begins with an 'r' and an 'n' rather than an 'm'.
What's Your Opinion?
How good do you think you are at spotting phishing attempts? Have you ever contacted a friend or colleague to check if it was really them who sent an attachment or link? Can companies and governments really hope to win the battle against scammers if they are up against state-sponsored hackers?
Comments
I got something very similar to this but it was from Facebook
Bogus report that somebody had tried to sign in to my account and that Facebook itself was contacting me as a security check when I tried to log in. The message invited me to click a link to review the login attempt log and they wanted my phone number, which I would not give them. They locked me out for a few days and then I was able to get in again after that.
Does anybody know if this was Facebook standard operating procedure?
Can companies and governments really hope to win the battle agai
Our own government intelligence agencies found and used undocumented flaws in Windows 7.
They stored them on a server on the internet and of course they got hacked!!!!!!!!
Our government is no help as they are IDIOTS!!!!!!!!!!!!!!!
Cyber retaliation classes?
How about give them a dose of their own medicine?
Last week I had 255 emails which sent a red flag. Someone had gotten into my Yahoo web mail. They tried to order with a card that no longer existed that was left on my Fry's Electronics account. I do have to question that maybe it's better to go back to an email client and go with my ISP more often. It is nice that Gmail and some banks will send you a warning if they don't recognize your IP address.
A lot of hacking is by countries where the user can't afford software. Gaming accounts are often hacked.
I think the only solution is once they are found, assassinate them.
Private companies can do a better job than any government. (not named Microsoft)