Microsoft has taken control of many websites used by a group of Chinese government-backed hackers. They were used to carry out attacks to spy on organizations in 29 countries, including the United States.
You will also be interested
[EN VIDÉO] Cyber espionage: what are the threats? Interference with elections, theft of industrial data, hacking of military systems… Cyber espionage has been on the rise over the past two decades.
It’s a nice catch and above all an at least temporary weakening for a group of Chinese hackers supported by Beijing. The Digital Crimes Unit (DCU), the cybersecurity laboratory of Microsoft managed to take control of the websites that allowed these hackers to carry out targeted attacks in 29 countries. The company has acted with authorization of the Virginia Federal Court in the United States to carry out this action. The target group is known as Nickel at Microsoft. This group, which acts in a targeted manner as soon as Beijing’s geopolitical interests are concerned, has been closely followed by Microsoft since 2016.
Very active, it carries out sophisticated attacks using malware that is difficult to detect, which allows them to enter the targeted networks for a long time and discreetly. The viral load Typically used to monitor and collect network data. In other words, it is espionage. Their entry points are classic targeted phishing campaigns, hijacked VPN services, or vulnerabilities in Microsoft Exchange or SharePoint. According to the American firm, on this last point, the hackers only exploited old flaws not plugged by the users of these services.
Taking control of compromising websites is a classic and consistently winning strategy … when you get it right. It is with this method that the cybergendarmes French had succeeded in bringing down one of the largest botnet networks in the world, as Futura had reported during a report on the International Cybersecurity Forum in Lille.
Weaken and slow down the threat
By having control over these sites, traffic is redirected to Microsoft’s secure servers and the threat is averted. In addition, the examination of the link between the sites and Nickel allows you to learn more about the group’s activities, but this will not prevent hackers from carrying out new actions of piracy. On the other hand, they are forced to create new infrastructures on which to rely to carry out future attacks.
This maneuver is not unprecedented for Microsoft. During 24 missions, the DCU would have neutralized more than 10,000 malicious websites. A figure to which must be added 600 other sites operated, for their part, by state actors, that is to say hackers closely linked to government authorities. The firm has also protected more than 600,000 websites that could have been corrupted by cybercriminals to carry out their hacking actions.
Regarding the name “Nickel”, you should know that Microsoft always gives names of minerals orchemical elements to identify large groups of hackers close to a state. It is therefore Nickel for this group, but we also find Barium always for China, or Strontium (Russia), Phosphorus (Iran), and Thallium (North Korea).
At other security companies, Nickel is identified as Vixen Panda, Royal APT, Playful Dragon, Ke3chang, or under the nomenclature APT15. The group specializes in cyber espionage of organizations from the private and public sectors, including diplomatic organizations and government departments in America, the Caribbean, Europe and Africa.
Interested in what you just read?
.
