News

Microsoft seized control of 42 domains of Chinese hack group Nickel

Microsoft announced that it has seized control of 42 domains used by the Chinese cyber-espionage group Nickel (APT15), which is targeting organizations in the United States and 28 other countries around the world.

The group, which Microsoft calls Nickel, is also known by other names, including APT15, Bronze Palace, Ke3Chang, Mirage, Playful Dragon and Vixen Panda. The hack group is believed to have been active since 2012 and have conducted numerous operations against a wide variety of targets over the years.

Tom Burt, Microsoft’s vice president of security and customer trust, writes that the hijacked domains were used to “collect data” from government agencies, think tanks and advocacy organizations. This campaign has been running since autumn 2019.

Taking control of malicious sites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect current and future victims while learning more about Nickel. This outage will not prevent Nickel from continuing with other hacking operations, but we are confident that we removed a key piece of infrastructure that the group relied on during the last wave of attacks.says Burt.
Tom Burt
Tom Burt

According to the court ruling, the hacker’s domains were redirected “to secure servers by changing the authorized domain name servers to NS104a.microsoftintemetsafety.net and NS104b.microsoftintemetsafety.net.”

The hack group reportedly compromised their victims by hacking into third-party VPN service providers as well as stolen credentials (usually from targeted phishing campaigns).

Of course, the seizure of Nickel’s domains was sanctioned by the court, and this claim has already become 24th on Microsoft’s account. Let me remind you that earlier the company through the courts obtained control over domains belonging to hackers SolarWinds, Iranian APT35, Necurs and Thallium botnets, North Korean hackers and Nigerian BEC scammers.

To date, in 24 lawsuits (five of them involving government hackers), we have blocked more than 10,000 malicious sites used by cybercriminals and nearly 600 sites used by government hackers.says Burt.

Let me remind you that we also said that Microsoft gained control over six domains of “Coronavirus” scammers.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button