
Microsoft Seizes Domains Used by a Chinese Hacking Group


Microsoft said it has seized control of servers that a China-based hacking group was using to compromise targets that align with that country’s geopolitical interests.

The hacking group, which Microsoft has dubbed Nickel, has been in Microsoft’s sights since at least 2016, and the software company has been tracking the now-disrupted intelligence-gathering campaign since 2019. The attacks—against government agencies, think tanks, and human rights organizations in the US and 28 other countries—were “highly sophisticated,” Microsoft said, and used a variety of techniques, including exploiting vulnerabilities in software that targets had yet to patch.

Down but Not Out

Late last week, Microsoft sought a court order to seize websites Nickel was using to compromise targets. The US District Court for the Eastern District of Virginia granted the motion and unsealed the order on Monday. With control of Nickel’s infrastructure, Microsoft will now “sinkhole” the traffic, meaning it’s diverted away from Nickel’s servers and to Microsoft-operated servers, which can neutralize the threat and allow Microsoft to obtain intelligence about how the group and its software work.
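To make the sinkholing step concrete, here is an added illustration (not Microsoft's code, and the domain names are constructed placeholders, since the seized domains are not listed in the article). It shows the two things a sinkhole gives a defender: queries for known-malicious names are answered with an address the defender controls instead of the attacker's server, and the hosts that asked for those names are recorded, which is the intelligence value the article describes. The blocklist, sinkhole address and log format are all assumptions of this example.

```python
"""DNS-sinkhole illustration: divert known-bad names and record who asked.

Added example, not code from the article or from Microsoft. The blocklist,
the sinkhole address and the log line format are assumptions for the demo.
"""
from collections import defaultdict
import ipaddress

# RFC 5737 documentation address standing in for a defender-controlled sinkhole server.
SINKHOLE_IP = "192.0.2.10"

# Constructed placeholder domains; the real seized domains are not named on the page.
BLOCKED_DOMAINS = {"c2-example-one.invalid", "c2-example-two.invalid"}


def is_blocked(name: str) -> bool:
    """True if the query name is a blocked domain or any subdomain of one.

    Trailing dots and case are normalised so 'C2-Example-One.invalid.'
    matches, while a lookalike such as 'notc2-example-one.invalid' does not.
    """
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in BLOCKED_DOMAINS)


def resolve(query: str, upstream_answer: str) -> str:
    """Return the sinkhole address for blocked names, else the upstream answer."""
    return SINKHOLE_IP if is_blocked(query) else upstream_answer


def sinkhole_report(log_lines):
    """Parse 'timestamp client_ip qname' lines and map client -> blocked names queried.

    Lines that do not have exactly three fields or whose client field is not
    an IP address are skipped rather than crashing the report.
    """
    hits = defaultdict(list)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        _timestamp, client, qname = parts
        try:
            ipaddress.ip_address(client)
        except ValueError:
            continue
        if is_blocked(qname):
            hits[client].append(qname.rstrip(".").lower())
    return dict(hits)


# Constructed sample resolver log (timestamp, client, queried name).
SAMPLE_LOG = [
    "2021-12-06T10:00:01Z 10.0.0.12 c2-example-one.invalid.",
    "2021-12-06T10:00:02Z 10.0.0.12 www.example.org",
    "2021-12-06T10:00:03Z 10.0.0.33 updates.c2-example-two.invalid",
    "2021-12-06T10:00:04Z malformed line",
    "2021-12-06T10:00:05Z 10.0.0.12 notc2-example-one.invalid",
]

if __name__ == "__main__":
    for client, names in sinkhole_report(SAMPLE_LOG).items():
        print(f"{client} queried sinkholed names: {', '.join(names)}")
```

Run as a script, the block lists the two internal hosts that asked for sinkholed names; in a real deployment the same hit list is what lets the sinkhole operator notify victims and measure the scope of a campaign.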

“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” Tom Burt, the company’s corporate vice president of customer security and trust, wrote in a blog post. “Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks.”

Targeted organizations spanned both the private and public sectors, among them diplomatic entities and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe, and Africa. Often, there was a correlation between the targets and geopolitical interests in China.

Targeted organizations were located in other countries including Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, the United Kingdom, and Venezuela.

Names other security researchers use for Nickel include KE3CHANG, APT15, Vixen Panda, Royal APT, and Playful Dragon.

More Than 10,000 Sites Taken Down

Microsoft’s legal action last week was the 24th lawsuit the company has filed against threat actors, five of them against nation-sponsored groups. The lawsuits have resulted in the takedown of 10,000 malicious websites used by financially motivated hackers and almost 600 sites used by nation-state hackers. Microsoft has also blocked the registration of 600,000 sites that hackers had planned to use in attacks.

In these suits, Microsoft has invoked various federal laws—including the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and US trademark law—as a way to seize domain names used for command-and-control servers. Legal actions led to the seizure in 2012 of infrastructure used by the Kremlin-backed Fancy Bear hacking group as well as nation-sponsored attack groups in Iran, China, and North Korea. The software maker has also used lawsuits to disrupt botnets going by names like Zeus, Nitol, ZeroAccess, Bamatal, and TrickBot.

A legal action Microsoft took in 2014 led to the takedown of more than a million legitimate servers that rely on No-IP.com, resulting in large numbers of law-abiding people being unable to reach benign websites. Microsoft was bitterly castigated for the move.

VPNs, Stolen Credentials, and Unpatched Servers

In some cases, Nickel hacked targets using compromised third-party VPN suppliers or stolen credentials obtained through spear-phishing. In other cases, the group exploited vulnerabilities Microsoft had patched but victims had yet to install in on-premises Exchange Server or SharePoint systems. A separate blog post published by Microsoft’s Threat Intelligence Center explained:

MSTIC has observed NICKEL actors using exploits against unpatched systems to compromise remote access services and appliances. Upon successful intrusion, they have used credential dumpers or stealers to obtain legitimate credentials, which they used to gain access to victim accounts. NICKEL actors created and deployed custom malware that allowed them to maintain persistence on victim networks over extended periods of time. MSTIC has also observed NICKEL perform frequent and scheduled data collection and exfiltration from victim networks.
