REDMOND, WASHINGTON — Microsoft has filed a lawsuit against two anonymous North Korean hackers for stealing user information in a hacking operation called Thallium.
The hackers were using 50 domains as part of their cyber operation, according to ZDNet.
In the court documents for the lawsuit, which was filed on December 18, Microsoft explained that hackers would send spear phishing emails to users that pretended to be from a Microsoft Account Team.
The emails would include a link to a host phishing page that would encourage users to enter their account credentials. Once hackers gained access gained access to a users' account, they would be able to review user emails, contact lists and other information.
In addition, Microsoft said the hackers were able to use misleading domains to trick users into clicking links that would result in malware such as KimJongRAT and BabyShark, which are remote access trojans, being installed on a user's computer.
This type of malware is able to exfiltrate information and wait to receive additional commands from the hackers who installed it, ZDNet reports.
Most targeted users were based in the U.S., Japan and South Korea.
According to ZDNet, Microsoft has since been granted a court order by U.S. authorities to take over the 50 domains used by the North Korean hackers. The tech company has since taken those websites down.
Microsoft had previously notified 10,000 users in July that their accounts had been targeted by hackers from North Korea, Russia and Iran over the past 12 months, CBS News reports.