
Microsoft shuts down North Korean phishing network

caption: Microsoft's headquarters in Redmond, Washington in 2014.
AP Photo/Ted S. Warren

Microsoft Corp. says it has shut down another cybercrime network with ties to a foreign government.

The Redmond, Washington-based company has already disrupted similar networks in China, Russia and Iran. The latest is in North Korea.

This attack starts with an email you may have seen. It looks like it's from the Account Team at Microsoft and it warns of unusual activity on your account. People who click the link funnel all their emails into servers controlled by North Korea.

Microsoft's digital crimes unit went to court to disable 50 domains controlled by this network, so they can't be used to execute attacks.

People in the U.S., Japan and South Korea who work in government, human rights and nuclear issues appear to have been targeted.

Those who were phished may find malware named KimJongRAT or BabyShark on their device and strange forwarding rules in their email account.
