Microsoft Seizes Malicious Websites Used by Prolific Chinese APT Group

Microsoft’s Digital Crimes Unit (DCU) has seized sites used by a China-based cyber-espionage hacking team to carry out cyber attacks on government agencies, think tanks and human rights organizations in about 29 countries, including the United States.

The hacking group, dubbed Nickel by Microsoft, is also known as APT15, Vixen Panda, KE3CHANG, Royal APT and Playful Dragon.

The disruption of the threat group’s infrastructure followed a court order granted to Microsoft by the U.S. District Court for the Eastern District of Virginia; the order was unsealed today.

“Taking control of the malicious sites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” wrote Tom Burt, Vice President of Customer Security and Trust, in a post announcing the news today. “Our disruption will not prevent Nickel from continuing other hacking activities, but we believe we have removed an important part of the infrastructure on which the group has relied for this latest wave of attacks.”

Microsoft’s Threat Intelligence Center (MSTIC) has been tracking Nickel since 2016 and has been analyzing the group’s use of this infrastructure for cyber-espionage campaigns since 2019. The attackers gained access by targeting unpatched, on-premises Exchange Server and SharePoint systems.




