We’ll take that – Microsoft seizes websites used by Nickel hacking group

This week Microsoft’s Digital Crimes Unit disrupted a China-based hacking group it had been tracking since 2016. The unit dubbed the group Nickel.

On Monday, a federal court in Virginia granted Microsoft’s request to seize websites used by Nickel. The group used these websites in attacks on organisations and governments in 29 countries, siphoning data from government agencies, think tanks and human rights organisations.

“The attacks MSTIC [Microsoft Threat Intelligence Center] observed are highly sophisticated and used a variety of techniques but nearly always had one goal: to insert hard-to-detect malware that facilitates intrusion, surveillance and data theft. Sometimes, Nickel’s attacks used compromised third-party virtual private network (VPN) suppliers or stolen credentials obtained from spear phishing campaigns,” explains corporate vice president of Customer Security and Trust at Microsoft, Tom Burt.

“In some observed activity, Nickel malware used exploits targeting unpatched on-premises Exchange Server and SharePoint systems. However, we have not observed any new vulnerabilities in Microsoft products as part of these attacks. Microsoft has created unique signatures to detect and protect from known Nickel activity through our security products, like Microsoft 365 Defender,” adds Burt.

This group has also been tracked by others in the security community and has been given names such as KE3CHANG, APT15, Vixen Panda, Royal APT and Playful Dragon.

While Nickel also targeted private companies, its prime targets appear to have been governments. To that end, Microsoft alleges there was a correlation between Nickel’s targets and China’s geopolitical interests.

While Microsoft seized Nickel’s websites, it says that even this action isn’t enough to stem the tide of attacks from nation-states and cybercriminals alike.

Microsoft has used the same legal tactic of court-ordered seizures to disrupt groups operating out of Russia, Iran and North Korea that used similar methods.

“It is our responsibility, and that of every entity with the relevant expertise and resources, to do whatever we can to help bolster trust in technology and protect the digital ecosystem,” wrote Burt.

You can find a technical breakdown of the operation here.
