Thallium is believed to be operating from North Korea, Microsoft said in a blog post, and the hackers targeted government employees, think tanks, university staff members and individuals working on nuclear proliferation issues, among others.
Most of the targets were based in the United States, as well as Japan and South Korea, the company said. (https://bit.ly/2QB6CFc)
Thallium tricked victims through a technique known as "spear phishing," using credible-looking emails that appear legitimate at first glance.
Microsoft said it now has control of 50 web domains used by the group to conduct its operations, following a case filed against the hacking group in the U.S. District Court for the Eastern District of Virginia, and a subsequent court order.
Thallium also used malware to compromise systems and steal data, and is the fourth nation-state group against which Microsoft has taken legal action, the company said.