Microsoft has taken control of a number of websites that were being used by a hacking group funded by the Chinese government to target organizations in 29 countries, including the United States.
Microsoft said it observed “highly sophisticated” attacks that installed hard-to-detect malware that facilitates intrusion, surveillance, and data theft.
Microsoft has been tracking Nickel since 2016 and previously described it as one of the “most active” hacking groups targeting government agencies.
According to Microsoft, Nickel’s attacks in some cases used compromised third-party virtual private network (VPN) vendors and credentials obtained through spear-phishing, and in others exploited weaknesses in Microsoft’s own Exchange Server and SharePoint systems.
Microsoft stated, however, that “as part of these assaults, no new vulnerabilities in Microsoft products have been detected.”
A federal judge in Virginia has issued an order authorizing Microsoft to take control of the websites and divert traffic to Microsoft servers, according to Microsoft’s Digital Crimes Unit (DCU).
According to the company, a state-sponsored hacking group known as Nickel, or APT15, was using these fraudulent websites to gather intelligence from government institutions, think tanks, and human rights organizations.
Microsoft’s Digital Crimes Unit stated it has taken down more than 10,000 harmful websites used by cybercriminals and nearly 600 by nation-state actors through 24 lawsuits.
Earlier this year, the team took control of rogue web domains used in a large-scale attack that employed fake emails to target people in 62 countries.
Microsoft did not name Nickel’s targets, but said the group was targeting organizations in the United States and 28 other countries.
Nickel targeted organizations in Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, United Kingdom, and Venezuela, in addition to the United States.