Microsoft Seizes 42 Websites Used by China-Based Hacking Group to Carry Out Cyberattacks on US Organizations
In a news release, the technology corporation said that a federal court in Virginia had granted Microsoft's Dec. 2 request to allow its Digital Crimes Unit to seize the U.S.-based websites.
Microsoft seized a number of websites that were being used by a China-based hacking firm to carry out cyberattacks against organizations in the United States and 28 other countries around the world, the company announced on Monday.
In a news release, the technology corporation said that a federal court in Virginia had granted Microsoft’s Dec. 2 request to allow its Digital Crimes Unit to seize the U.S.-based websites, which were being run by a hacker group known as Nickel, APT15, or Vixen Panda, and stop them from carrying out such attacks.
Microsoft said it has been tracking Nickel since 2016 and monitoring these specific operations since 2019.
“We believe these attacks were largely being used for intelligence gathering from government agencies, think tanks, and human rights organizations,” Microsoft’s corporate vice president of customer security and trust, Tom Burt, said.
The company is redirecting the websites’ traffic to secure Microsoft servers to “help us protect existing and future victims while learning more about Nickel’s activities.”
However, Burt noted that “our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks.”
The hackers’ “highly sophisticated” attacks use a variety of techniques but often consist of installing inconspicuous malware that allows for data theft and surveillance.
“Sometimes, Nickel’s attacks used compromised third-party virtual private network (VPN) suppliers or stolen credentials obtained from spear-phishing campaigns,” Burt said. “In some observed activity, Nickel malware used exploits targeting unpatched on-premises Exchange Server and SharePoint systems. However, we have not observed any new vulnerabilities in Microsoft products as part of these attacks.”
Microsoft has created “unique signatures to detect and protect from known Nickel activity” through its various security products, such as Microsoft 365 Defender.
The hackers’ attacks targeted organizations in both the private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe, and Africa.
“There is often a correlation between Nickel’s targets and China’s geopolitical interests,” Microsoft said.
Microsoft said it will continue to “take down malicious infrastructure, better understand actor tactics, protect our customers and inform the broader debate on acceptable norms in cyberspace,” but acknowledged that it alone cannot prevent such attacks from cybercriminals.
The tech giant called on others operating within the industry, as well as governments and civil society, to “come together and establish a new consensus for what is and isn’t appropriate behavior in cyberspace.”
So far, the company said its Digital Crimes Unit, through 24 lawsuits—five of which were against nation-state actors—had taken down more than 10,000 malicious websites used by cybercriminals and almost 600 used by nation-state actors, and had blocked the registration of 600,000 more.
The Biden administration and U.S. cybersecurity agencies have warned that hacking by the People’s Republic of China (PRC) presents a “major threat” to the United States and its allies.
In July, the administration accused the Chinese government of being behind a hacking campaign against Microsoft that exploited a flaw in a Microsoft email application to go after a number of American targets, including a university and local governments.
“We have raised our concerns about both this incident and the PRC’s broader malicious cyber activity with senior PRC Government officials, making clear that the PRC’s actions threaten security, confidence, and stability in cyberspace,” the White House said in a statement at the time.
In August, the White House announced that a number of the country’s leading technology companies have pledged to invest billions of dollars to bolster cybersecurity by training tens of thousands of people in cybersecurity skills, enhancing open-source software security, and providing technical services to help local governments boost security protections.
Katabella Roberts is a reporter currently based in Turkey. She covers news and business for The Epoch Times, focusing primarily on the United States.