Microsoft succeeds in seizing domains used by a hacker group suspected of ties to the Chinese government

Microsoft has announced that it has successfully seized 42 domains used by the China-based hacker group Nickel. Involvement of the Chinese government is suspected because the group targets government agencies, think tanks, and human rights groups in countries that are China's geopolitical rivals.


Nickel_bc_Order Granting TRO

Protecting people from recent cyberattacks --Microsoft On the Issues

Microsoft seizes sites used by APT15 Chinese state hackers

Microsoft seizes domains used by Chinese cyber-espionage group Nickel (APT15) --The Record by Recorded Future

On December 6, 2021, Microsoft's Digital Crimes Unit (DCU) announced that it had successfully disrupted Nickel. The DCU's disruption consisted of seizing the domains Nickel used to attack organizations in the United States and 28 other countries around the world. The DCU asked a federal court in Virginia for legal permission to take control of those domains, and once permission was granted, it redirected traffic for the domains to a secure server.

The operation does not dismantle Nickel itself, but the DCU says it 'successfully removed a key part of the infrastructure Nickel used in a series of attacks.'

Nickel is a hacker group that Microsoft's threat intelligence department, the Microsoft Threat Intelligence Center, has tracked since 2016; it is also known as 'APT15', 'KE3CHANG', 'Vixen Panda', 'Royal APT' and 'Playful Dragon'. According to the announcement, Nickel is active in 29 countries, including the United States, Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominica, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, the United Kingdom and Venezuela; the announcement includes a world map showing these countries.

According to the DCU, Nickel's targets are private organizations and public institutions, including diplomatic organizations and foreign ministries of the countries above. The DCU stopped short of stating that the Chinese government is involved with Nickel, but noted that 'Nickel's targets and China's geopolitical interests are often related.'

The DCU says it pioneered the tactic of seizing domains used by cybercriminals. Through 24 lawsuits filed so far, it says it has taken down more than 10,000 malicious websites used by cybercriminals, shut down more than 600 websites used by state-sponsored hacker groups, and blocked the registration of more than 600,000 websites that cybercriminals were expected to use in the future.

in Security, Posted by darkhorse_log