Microsoft seizes 42 websites of Chinese hacking group

Microsoft said Monday it seized 42 websites from a Chinese hacking group in an attempt to disrupt the group’s intelligence-gathering operations.

The company said in a press release that a Virginia federal court had granted Microsoft’s request to allow its Digital Crimes Unit to take over US-based websites operated by a group of hackers known as Nickel or APT15. The company redirects the websites’ traffic to secure Microsoft servers to “help us protect existing and future victims while learning more about Nickel’s business.”

Microsoft said it had been following Nickel since 2016 and discovered that its “very sophisticated” attacks were aimed at installing covert malware that allowed for surveillance and data theft.

In this most recent case, Nickel attacked organizations in 29 countries and used the information it collected “for intelligence gathering from government agencies, think tanks, universities and human rights organizations,” Tom Burt, Microsoft’s vice president of security and trust, said in the press release. Microsoft did not name the organizations that had been targeted.

In court documents released on Monday, Microsoft detailed how the hackers target users through techniques such as compromising third-party virtual private networks and phishing, in which a hacker poses as a trusted entity, often for the purpose of getting someone to hand over information such as a password.

After using these strategies to install malware on a user’s computer, the company said, Nickel would connect the computer to malicious websites that Microsoft has since seized.

The company argued that the process, because it involved hacking into computers, modifying Microsoft operating systems and sometimes masquerading as Microsoft, “involves an abuse of Microsoft’s brands and trademarks, and misleads users by showing them a modified and unauthorized version of Windows.”

In its decision, the court agreed to issue a temporary restraining order against the hackers and to cede the websites, which were registered in Virginia, to Microsoft.

“There is good reason to believe that unless the defendants are detained and summoned by order of this court, immediate and irreparable damage will result from the defendants’ continued violations,” the court wrote in its decision.

Microsoft said it has not discovered any new vulnerabilities in its products related to the attacks.

“Our disruption will not prevent Nickel from continuing other hacking activities, but we believe we have removed a key piece of the infrastructure the group was relying on for this latest wave of attacks,” Burt said.

Microsoft said it discovered that the group often targets regions in which China has a geopolitical interest. Nickel has targeted diplomatic organizations and foreign ministries in the Western Hemisphere, Europe and Africa, among other groups, the company said.

The company said its Digital Crimes Unit, through 24 prosecutions, removed more than 10,000 malicious websites used by cybercriminals and nearly 600 used by state actors, and blocked the registration of another 600,000.

John Hammond, a researcher at cybersecurity firm Huntress Labs, said Microsoft’s action against the websites was a good example of “proactive protection against cybercrime.”

“This action by Microsoft is a great example of these preventative efforts before threat actors do more damage,” Hammond said, adding that it “sends a signal to the attacker when key infrastructure is taken offline.”

U.S. cybersecurity agencies have warned that Chinese hacking poses a “major threat” to the United States and its allies.

In July, the Biden administration accused the Chinese government of being responsible for a hacking campaign this year that compromised a Microsoft email service used by some of the world’s largest corporations and governments.

Some of the European governments that condemned China at the time accused it of allowing hackers to operate in Chinese territory, but the United States and Britain have gone further, claiming the Chinese government was directly responsible.

China’s State Security Ministry “has fostered an ecosystem of criminal hackers who carry out both state-sponsored activities and cybercrime for their own financial gain,” Secretary of State Antony J. Blinken said at the time.

Liu Pengyu, spokesperson for the Chinese embassy, said at the time that the accusation was one of many “baseless attacks.”
