Microsoft has announced the seizure of domains used by a China-based group known as Nickel in attacks on governments and NGOs across the EU, the Americas, and the Caribbean.
Microsoft Veep Tom Burt published two blog posts on Monday saying the Microsoft Digital Crimes Unit and Microsoft Threat Intelligence Center have been tracking Nickel since 2016 and that a federal court in Virginia granted the company’s request to seize websites used by the hacker collective to attack organizations in the EU, US, and other countries.
The posts explain that the company filed lawsuits in the US District Court for the Eastern District of Virginia.
The suits allowed the company to cut off Nickel’s access to its victims and prevent the websites from being used in attacks. Burt said that Microsoft believes the attacks were used for intelligence gathering from human rights organizations, government agencies, and think tanks.
The court did not hesitate to grant the order, which was unsealed after the completion of service on the hosting providers.
Getting control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help the company protect existing and future victims while gathering more information on Nickel.
Nickel’s prolific activities
The attacks targeted countries and organizations in order to intrude, surveil and steal data. The Microsoft Threat Intelligence Center found that the group sometimes managed to compromise VPN suppliers or obtain stolen credentials.
In other instances, they would take advantage of unpatched Exchange Server and SharePoint systems.
The company was quick to note that no new vulnerabilities in Microsoft products were used as part of the attacks. However, the Nickel attackers would breach a system and then look for ways to gain higher-value accounts. To learn more about Nickel’s activities, check out this post.