Microsoft seizes domains used by Chinese hacking group

The tech giant claimed that there’s often correlation between the group’s targets and China’s geopolitical interests

Microsoft has revealed that it has disrupted the activities of a China-based hacking group it has been tracking since 2016. 

A federal court in Virginia granted the company’s request to seize websites belonging to the group, dubbed Nickel, which was using them to attack organisations in the US and 28 other countries around the world.

Microsoft believes the attacks were largely being used for intelligence gathering from government agencies, think tanks, and human rights organisations.

Microsoft said it had been tracking Nickel since 2016 and analysing the way it has targeted government organisations across Latin America and Europe since 2019. The tech giant said the attacks were highly sophisticated and nearly always had one goal: to insert hard-to-detect malware that facilitates intrusion, surveillance, and data theft.

Sometimes, the attacks used compromised third-party virtual private network suppliers or stolen credentials obtained from spear phishing campaigns. In some observed activity, the malware used exploits targeting unpatched on-premises Exchange Server and SharePoint systems. Microsoft underlined it had not observed any new vulnerabilities in its products as part of the attacks, and has created unique signatures to detect and protect from known Nickel activity in its security products.

“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” said Tom Burt, Microsoft corporate vice president of Customer Security & Trust.


“Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks.”

The tech giant explained that Nickel targeted organisations in both the private and public sectors, including diplomatic organisations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa. It added that there is often a correlation between Nickel’s targets and China’s geopolitical interests.

Other countries in which Nickel has been active include Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, the United Kingdom, and Venezuela.

The company added that others in the security community who have researched the group refer to them by different names, including KE3CHANG, APT15, Vixen Panda, Royal APT, and Playful Dragon.
