Microsoft pins down another nation-state hacker group

We live in the information age, where conventional wars have given way to cyberwarfare. Being the most wired country in the world, the U.S. receives the brunt of attacks from hackers and other nefarious players online. With the recent escalation of geopolitical tensions in the Middle East, we may see an increase in such attacks by Iranian hackers on U.S. online targets.

Talking about specific targets, the Microsoft Office suite is the most widely used software around the world, and it is also the favorite target for hackers, offering the most vulnerabilities. According to a recent report by Kaspersky Lab for Q3 2019, over 70% of the total complaints received by Kaspersky were related to applications within Microsoft Office (figure below).

Microsoft’s Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) had recently been tracking the activity of one such hacker group, Thallium — finally figuring out that the group was running a network of websites, domains and internet-connected computers for its malicious activities. Enabled by a court order, Microsoft was able to take down 50 domains that Thallium was using to conduct its nefarious activities.

Figure 1

The network was targeting victims with a combination of spear-phishing and malware — the first involves tricking people into clicking on malicious links that take them to pages asking for personal information, while the latter involves installing malicious code on the victim’s computer, compromising the system and stealing data. The malware maintains its presence on the machine, waiting for further instructions from a third-party server controlling it.

The typical mode of attack by Thallium is spear-phishing: they first gather personal information about targeted individuals from public profiles on social media platforms, public directories and similar sources, and then send them a “credible”-looking email (Figure 2 below). However, a closer inspection of such a message reveals the discrepancies — look at how the letters “r” and “n” (underlined in red) are made to look like the “m” in microsoft.com.
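The “rn” for “m” trick above is a lookalike (confusable) sender domain. The following is an added example, not code from the original post or from Microsoft: it folds common confusable letter pairs and checks whether the result matches a trusted domain, with a constructed allowlist and constructed sample headers as assumptions.

```python
"""Flag sender domains that imitate a trusted domain via confusable letter
pairs such as "rn" for "m". Added example; the allowlist, the confusable
table and the sample headers below are all constructed assumptions."""
from email.utils import parseaddr
from typing import Optional

# Domains we expect legitimate mail from (assumption: defender's allowlist).
TRUSTED_DOMAINS = {"microsoft.com", "example.org"}

# Multi-character sequences that render like one letter in many fonts.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def normalize(domain: str) -> str:
    """Collapse confusable sequences so a lookalike folds onto its target."""
    d = domain.lower()
    for seq, target in CONFUSABLES:
        d = d.replace(seq, target)
    return d


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain this domain imitates, or None.

    An exact trusted domain is not a lookalike. A domain whose normalized form
    equals a trusted domain (e.g. 'rnicrosoft.com') is flagged, as is one that
    merely starts with a trusted name ('microsoft.com.verify-login.example')."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return None
    norm = normalize(domain)
    for trusted in TRUSTED_DOMAINS:
        t = normalize(trusted)
        if norm == t or norm.startswith(t + "."):
            return trusted
    return None


def check_sender(header_from: str) -> dict:
    """Parse a From: header and report whether its domain imitates a trusted one."""
    _, addr = parseaddr(header_from)
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    return {"address": addr, "domain": domain, "imitates": lookalike_of(domain)}


# Constructed sample headers (not real messages).
SAMPLE_HEADERS = [
    "Microsoft Account Team <no-reply@microsoft.com>",
    "Microsoft Account Team <no-reply@rnicrosoft.com>",
    "Security <alerts@microsoft.com.verify-login.example>",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(check_sender(h))
```
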

Once victims click on the fake link, they are taken to a fraudulent website that asks them for their login credentials. After Thallium has your login details, they can log into your accounts and look into your emails, contacts, appointments and other personal information.

Figure 2

They also create a mail forwarding rule in your email account settings, so that all your emails are forwarded to Thallium-controlled accounts. The forwarding rule needs to be deleted; otherwise they will keep receiving your emails even after you change the password.

According to Microsoft’s blog, targets of these cyber attacks included government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals who work on nuclear proliferation issues — mostly based in the U.S., Japan and South Korea. The malware employed by Thallium to compromise the targeted systems is called “BabyShark” and “KimJongRAT.”

This is the fourth such nation-state activity group against which Microsoft has had to take legal action to dismantle its malicious network infrastructure. The other three groups Microsoft has taken on are Barium from China, Strontium from Russia and Phosphorus from Iran.

In similar news, Kaspersky has released another report which suggests that Lazarus, a well-known hacker group also believed to have ties with the North Korean dictatorship, is using the privacy-centric messaging app Telegram to steal cryptocurrency.

While Microsoft has pledged to improve the security of its products using the knowledge gained from Thallium, there are things you can do to protect yourself: use two-factor authentication on all your accounts, learn to identify phishing scams, and enable alerts about links and files from suspicious websites.

Translated from: https://medium.com/technicity/microsoft-pins-down-another-nation-state-hacker-group-9e8bde4f493e
