Microsoft disrupts Chinese cyber-spying group by seizing 42 websites used by hackers to collect intelligence on foreign ministries, think tanks and human rights organizations in 29 different countries

  • Microsoft shut down a cyber-spying ring run by Nickel, a Chinese hacker group
  • The company seized 42 websites used by the group to gather intelligence from foreign ministries, think tanks and human rights organizations
  • The websites were found to run in 29 different countries, including the US

Microsoft announced on Monday that it has disrupted the cyber-spying of a state-backed Chinese hacking group by seizing 42 websites used to gather intelligence from foreign ministries, think tanks and human rights organizations in 29 different countries, including the US.

The company said a Virginia federal court granted its request last Thursday to seize the domains from the group it calls Nickel, which is also known as APT15 and Vixen Panda.

This allowed Microsoft's Digital Crimes Unit to take over US-based websites and redirect traffic to its secure servers to 'help us protect existing and future victims while learning more about Nickel's activities,' the firm shared in a press release.

Nickel has targeted organizations in both the private and public sectors, but Microsoft says it has not discovered any new vulnerabilities in Microsoft products related to the attacks.


Microsoft announced on Monday that it has disrupted the cyber-spying of a state-backed Chinese hacking group by seizing 42 websites used to gather intelligence from foreign ministries, think tanks and human rights organizations in 29 different countries, including the US

Tom Burt, corporate vice president of Microsoft, shared in the post: 'Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft's secure servers will help us protect existing and future victims while learning more about Nickel's activities.

'Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks.'

The Microsoft Threat Intelligence Center (MSTIC) has been tracking Nickel since 2016 and analyzing this specific activity since 2019.

'The attacks MSTIC observed are highly sophisticated and used a variety of techniques but nearly always had one goal: to insert hard-to-detect malware that facilitates intrusion, surveillance and data theft,' Burt shared.

Nickel has targeted organizations in both the private and public sectors, but Microsoft says it has not discovered any new vulnerabilities in Microsoft products related to the attacks

Microsoft found the attacks used compromised third-party virtual private network (VPN) suppliers or stolen credentials collected from spear phishing campaigns.

Spear phishing is when hackers use electronic communications to scam people and businesses out of personal data or as a way to install malware on a targeted user's computer.

MSTIC did observe Nickel malware used exploits targeting unpatched flaws in Exchange Server and SharePoint systems.

Microsoft says it has created unique signatures to detect and protect from known Nickel activity through its security products, such as Microsoft 365 Defender.

'Nickel has targeted in North America, Central America, South America, the Caribbean, Europe and Africa,' Burt shared.

'There is often a correlation between Nickel's targets and China's geopolitical interests. Others in the security community who have researched this group of actors refer to the group by other names, including 'KE3CHANG,' 'APT15,' 'Vixen Panda,' 'Royal APT' and 'Playful Dragon.'

'In addition to the U.S., the countries in which Nickel has been active include: Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, the United Kingdom and Venezuela.'
