Microsoft has seized 42 websites from a China-based, intelligence-gathering hacking group which it has dubbed Nickel.
A federal court granted Microsoft’s request to allow its Digital Crimes Unit to take over the US-based websites and redirect their traffic to secure Microsoft servers.
Tom Burt, corporate vice-president for customer security and trust at Microsoft, says in a company blog that Nickel was using the websites to attack organisations in the US and 28 other countries around the world.
By seizing them, Microsoft is able to cut off Nickel’s access to its victims and prevent the websites from being used to execute attacks, he adds.
“We believe these attacks were largely being used for intelligence gathering from government agencies, think tanks and human rights organisations.
“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities. Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks.”
The Microsoft Threat Intelligence Centre (MSTIC) has been tracking Nickel since 2016, he says, and analysing this specific activity since 2019.
“The attacks MSTIC observed are highly sophisticated and used a variety of techniques but nearly always had one goal: to insert hard-to-detect malware that facilitates intrusion, surveillance and data theft,” says Burt.
“Sometimes, Nickel’s attacks used compromised third-party virtual private network (VPN) suppliers or stolen credentials obtained from spear phishing campaigns. In some observed activity, Nickel malware used exploits targeting unpatched on-premises Exchange Server and SharePoint systems.
“However, we have not observed any new vulnerabilities in Microsoft products as part of these attacks,” he adds. “Microsoft has created unique signatures to detect and protect from known Nickel activity through our security products, like Microsoft 365 Defender.”
Nickel has targeted organisations in both the private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa.