Microsoft disrupts Chinese hacking group targeting organizations in dozens of countries

Microsoft gains control of the malicious Chinese hacking groups targeting organizations in 29 countries, including the US


Microsoft takes control of websites used by China-based hacking group

On Monday, Microsoft announced that a federal court had granted its request to seize websites used by a China-based hacking group that was targeting organizations in the United States and 28 other countries.

Microsoft has now disrupted the group's activities by taking control of the malicious websites it used to attack organizations in the United States and other countries around the world.

Microsoft tracks the group as “Nickel”. Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft, said, “It was observed to be targeting think tanks, human rights organizations, government agencies, and diplomatic organizations for intelligence gathering purposes.”

Nickel targeted organizations in both the private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe, and Africa. In some observed activity, Nickel malware used exploits against unpatched on-premises Exchange Server and SharePoint systems; the entry point was missing patches on internet-facing servers, not a new flaw.

The Microsoft Digital Crimes Unit (DCU) said in a statement that a federal court in Virginia granted its request to seize the group's websites, enabling the company to cut off Nickel's access to its victims and prevent the sites from being used to carry out further attacks.

Taking control of the malicious domains and redirecting their traffic to Microsoft's own servers (a sinkhole) lets the company protect existing and future victims, since infected machines now reach Microsoft rather than the attackers, while giving it visibility into Nickel's activity.

“Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” Burt said late on Monday.

“We have also successfully blocked the registration of 600,000 sites to get ahead of criminal actors that planned to use them maliciously in the future,” the company added.

“However, we have not observed any new vulnerabilities in Microsoft products as part of these attacks. Microsoft has created unique signatures to detect and protect from known Nickel activity through our security products, like Microsoft 365 Defender,” the company noted.

Microsoft’s Threat Intelligence Center began tracking Nickel in 2016. The group has consistently used malware to intrude into organizations' networks, conduct surveillance, and steal data. Vulnerabilities in Exchange Server and SharePoint were among those used to gain access, though Burt emphasized that “no new vulnerabilities” in Microsoft products were discovered while investigating Nickel’s activities; keeping on-premises Exchange and SharePoint fully patched removes the initial access vector described here.

To date, across 24 lawsuits (five of them against nation-state actors), Microsoft has taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors.

[With Inputs from IANS]
