
Microsoft seizes domains used by Chinese hacking group

The tech giant claimed that there’s often correlation between the group’s targets and China’s geopolitical interests

Microsoft has revealed that it has disrupted the activities of a China-based hacking group it has been tracking since 2016.

A federal court in Virginia granted the company’s request to seize websites belonging to the group, dubbed Nickel, which was using them to attack organisations in the US and 28 other countries around the world.

Microsoft believes the attacks were largely being used for intelligence gathering from government agencies, think tanks, and human rights organisations.

Microsoft said it had been tracking Nickel since 2016 and had been analysing the way the group has targeted government organisations across Latin America and Europe since 2019. The tech giant said the attacks were highly sophisticated and nearly always had one goal: to insert hard-to-detect malware that facilitates intrusion, surveillance, and data theft.

Sometimes, the attacks used compromised third-party virtual private network suppliers or stolen credentials obtained from spear phishing campaigns. In some observed activity, the malware used exploits targeting unpatched on-premises Exchange Server and SharePoint systems. Microsoft underlined it had not observed any new vulnerabilities in its products as part of the attacks, and has created unique signatures to detect and protect from known Nickel activity in its security products.

“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” said Tom Burt, Microsoft corporate vice president of Customer Security & Trust.


“Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks.”

The tech giant explained that Nickel targeted organisations in both the private and public sectors, including diplomatic organisations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa. It added that there is often a correlation between Nickel’s targets and China’s geopolitical interests.

Other countries in which Nickel has been active include Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, the United Kingdom, and Venezuela.

The company added that others in the security community who have researched the group refer to them by different names, including KE3CHANG, APT15, Vixen Panda, Royal APT, and Playful Dragon.
