Dubbed Nickel by Microsoft, the group of Chinese hackers was actively using the websites for intelligence gathering from think tanks, human rights organizations, and government agencies in 29 countries.
The Microsoft Digital Crimes Unit disrupted the activities of a hacking group based in China after a federal court allowed the company to seize the websites used by the group. Reportedly, the hacking group identified as Nickel was targeting organizations in 28 different countries, including the USA.
Microsoft Seizes Websites of Nickel Hacking Group
According to court documents, a federal court in the Eastern District of Virginia agreed to allow Microsoft to seize Nickel’s websites. With the seizure, Microsoft could cut off the group’s access to its victims, and the websites could no longer be used to execute attacks because their traffic was redirected to Microsoft servers.
Microsoft suspects that the attacks were geared towards intelligence gathering as the group mainly targeted human rights organizations, think tanks, diplomatic organizations, and government agencies.
Microsoft’s corporate vice president of Customer Security and Trust, Tom Burt, stated that the company has notified impacted customers about the attacks. Microsoft states it can protect current and future victims and learn more about Nickel’s activities by securing Nickel’s servers.
“Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” Burt said in a blog post.
Nickel Under Microsoft’s Radar Since 2016
Reportedly, Microsoft’s Threat Intelligence Center had been tracking Nickel since 2016 as the group used malware to hijack company networks, steal data, and conduct surveillance.
Furthermore, Nickel hackers used known vulnerabilities identified in VPNs, Microsoft’s SharePoint system, and Exchange Server to infiltrate companies. Burt clarified that no new flaws in Microsoft’s products were identified while investigating the China-based hacking group.
In its Digital Defense Report, Microsoft described Nickel as one of the most active groups targeting government organizations and said that the group’s attacks have been successful 90% of the time.
Most of the organizations targeted by Nickel are located in:
- North America
- The Caribbean
- South America
- Central America
Some of the impacted countries include the following:
- United States
- Czech Republic
- United Kingdom
The full list of targeted countries is available here.
It is worth noting that researchers identified a connection between the targeted organizations and Chinese geopolitical interests.
“We will remain relentless in our efforts to improve the security of the ecosystem and we will continue to share activity we see, regardless of where it originates,” Burt emphasized.