A cybercrime group called Thallium stole consumers’ login information via phishing, says Microsoft.

Microsoft has sued a cybercrime group in an effort to disrupt its alleged attacks on the public. The North Korean-based group used phishing emails and fake websites that pretended to come from the Windows maker to steal consumers’ credentials, Microsoft says.

A court order has allowed the Redmond, Wash-based company to take control of 50 domains used for cyberattacks by the alleged hackers.   

The US District Court for the Eastern District of Virginia unsealed documents on Dec. 27 in a suit filed earlier in the month by Microsoft against a group called Thallium, according to a Microsoft blog post Monday. 

“With this action, the sites can no longer be used to execute attacks,” Microsoft said.  

Thallium is accused of using a technique known as spear-phishing to create personalized emails to trick recipients to click on links that would give the group access to their login info. From there, the group allegedly reviewed emails and had new emails automatically forwarded to them. The hackers also allegedly made use of the BabyShark and KimJongRAT malware. Most of the victims were based in the US, Japan and South Korea and tended to be government workers, think tank employees, university staff members, members of groups focused on human rights, and individuals who work on nuclear proliferation issues.

This is the fourth nation-state activity group Microsoft has filed legal action against. It previously used the courts to disrupt groups operating in China, Russia and Iran.