Microsoft Takes Down China-Linked Hacker Websites

December 6, 2021
Microsoft Disrupts Chinese Hacking Group's Infrastructure

Microsoft has successfully taken control of several websites utilized by a hacking group linked to the Chinese government. These sites were actively employed to target organizations across 29 nations, including the United States.

Court Order Enables Infrastructure Seizure

On Monday, Microsoft’s Digital Crimes Unit (DCU) announced that a federal court in Virginia authorized the company to assume control of the malicious websites. Traffic to these attacker-controlled domains is now being redirected to Microsoft’s secure servers, cutting victims off from Nickel's infrastructure and giving Microsoft visibility into which systems were still contacting it.

The hacking group, identified as Nickel – also known as APT15 – is a state-sponsored entity. Its primary objective is intelligence gathering from various organizations, such as governmental bodies, research institutions, and human rights groups.

Targeted Regions and Geopolitical Interests

While specific targets haven't been publicly disclosed, Microsoft confirmed that organizations in the U.S. and 28 other countries were affected. A notable pattern exists, with Nickel’s targets frequently aligning with China’s broader geopolitical interests.

Sophisticated Attack Methods Employed

Microsoft has been monitoring Nickel’s activities since 2016, recognizing it as a highly active threat actor targeting government agencies. The group’s attacks are characterized by their sophistication, utilizing malware that is difficult to detect.

These attacks facilitate intrusion, surveillance, and the theft of sensitive data. Nickel has leveraged compromised third-party VPN providers and credentials obtained through spear-phishing campaigns. Furthermore, vulnerabilities within Microsoft’s Exchange Server and SharePoint systems were exploited in some instances.

However, Microsoft emphasized that no new vulnerabilities in its own products were identified during these attacks.

Disruption of Key Infrastructure

Tom Burt, Microsoft’s corporate vice president for customer security and trust, stated: “Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities.”

While this action won’t halt all of Nickel’s hacking endeavors, it effectively removes a crucial component of the infrastructure the group used in this recent series of attacks.

Countries Affected by Nickel's Operations

Beyond the United States, Nickel’s targeting extended to organizations in the following countries:

  • Argentina
  • Barbados
  • Bosnia and Herzegovina
  • Brazil
  • Bulgaria
  • Chile
  • Colombia
  • Croatia
  • Czech Republic
  • Dominican Republic
  • Ecuador
  • El Salvador
  • France
  • Guatemala
  • Honduras
  • Hungary
  • Italy
  • Jamaica
  • Mali
  • Mexico
  • Montenegro
  • Panama
  • Peru
  • Portugal
  • Switzerland
  • Trinidad and Tobago
  • United Kingdom
  • Venezuela

Microsoft's Ongoing Efforts Against Cybercrime

Microsoft’s Digital Crimes Unit has a proven track record of disrupting cybercriminal activity. Through 24 lawsuits, the unit has successfully taken down over 10,000 malicious websites operated by cybercriminals.

Additionally, nearly 600 websites used by nation-state actors have been dismantled. Earlier this year, the team gained control of web domains used in a large-scale cyberattack that impacted victims in 62 countries through deceptive emails.