Microsoft seized control of 42 domains of Chinese hack group Nickel
Microsoft announced that it has seized control of 42 domains used by the Chinese cyber-espionage group Nickel (APT15), which is targeting organizations in the United States and 28 other countries around the world.
The group, which Microsoft calls Nickel, is also known by other names, including APT15, Bronze Palace, Ke3Chang, Mirage, Playful Dragon and Vixen Panda. The hack group is believed to have been active since 2012 and to have conducted numerous operations against a wide variety of targets over the years.

Tom Burt, Microsoft’s vice president of security and customer trust, writes that the hijacked domains were used to “collect data” from government agencies, think tanks and advocacy organizations. This campaign has been running since autumn 2019.
According to the court ruling, the hackers’ domains were redirected “to secure servers by changing the authorized domain name servers to NS104a.microsoftintemetsafety.net and NS104b.microsoftintemetsafety.net.”
The hack group reportedly compromised its victims by hacking into third-party VPN service providers, as well as by using stolen credentials (usually obtained through targeted phishing campaigns).
Of course, the seizure of Nickel’s domains was sanctioned by the court, and this claim is already the 24th on Microsoft’s account. Let me remind you that the company earlier obtained control, through the courts, over domains belonging to the SolarWinds hackers, the Iranian APT35, the Necurs and Thallium botnets, North Korean hackers and Nigerian BEC scammers.
We also reported that Microsoft gained control over six domains of “Coronavirus” scammers.