Microsoft said on Monday it had seized 42 websites belonging to a Chinese hacking group in an attempt to disrupt the group’s intelligence-gathering operations.
The company said in a press release that a federal court in Virginia had granted a request allowing Microsoft’s Digital Crimes Unit to take over US-based websites run by a hacking group known as Nickel or APT15. Microsoft is redirecting the websites’ traffic to secure Microsoft servers to “help us protect current and future victims while learning more about Nickel’s activities.”
Microsoft says it has tracked Nickel since 2016 and found that its “highly sophisticated” attacks were aimed at installing unobtrusive malware that allows for snooping and data theft.
In this most recent case, Nickel was attacking organizations in 29 countries and is believed to be using the information it gathered “for intelligence gathering from government agencies, think tanks, universities, and human rights organizations,” Tom Burt, Microsoft’s corporate vice president for customer security and trust, said in the post. Microsoft did not name the organizations targeted.
In court documents released Monday, Microsoft detailed how the hackers targeted users with techniques such as compromising third-party virtual private networks and phishing, in which an attacker poses as a trusted entity to obtain information such as passwords.
The company said that after using these methods to install malware on a user’s computer, Nickel would connect the computer to the malicious websites that Microsoft has now seized.
The company argued that because the process involved hacking computers, making changes to Microsoft operating systems, and sometimes pretending to be Microsoft, it “involved misuse of Microsoft’s trademarks and brands and deceived users by providing them with an unauthorized, modified version of Windows.”
In its decision, the court issued a temporary restraining order against the hackers and ordered the transfer of the websites registered in Virginia to Microsoft.
“There are good reasons to believe that immediate and irreparable harm will result from the defendants’ continued violations unless they are restrained by order of the court,” the court said in its ruling.
Microsoft said it has not discovered any new attack-related vulnerabilities in its products.
“Our disruption will not prevent Nickel from continuing with other hacking activities, but we believe we have removed a key piece of infrastructure the group relies on for this latest wave of hacking,” said Mr. Burt.
Microsoft said it found that the group often targets regions where China has geopolitical interests. The company said Nickel has targeted diplomatic agencies and foreign ministries in the Western Hemisphere, Europe and Africa, among other groups.
The company said its Digital Crimes Unit had shut down more than 10,000 malicious websites used by cybercriminals and nearly 600 websites used by nation-state actors through 24 lawsuits, and had blocked 600,000 more registrations.
John Hammond, a researcher at cybersecurity company Huntress Labs, said Microsoft’s move against websites is a good example of “proactive protection against cybercrime.”
“This action by Microsoft is a good example of carrying out these preventive efforts before threat actors do more harm,” said Mr. Hammond, adding that it “sends a signal to the attacker when critical infrastructure is taken offline.”
US cybersecurity agencies have warned that Chinese hacking poses a “major threat” to the US and its allies.
In July, the Biden administration blamed the Chinese government for a hacking campaign earlier this year that compromised a Microsoft email service used by some of the world’s largest companies and governments.
Some European governments that denounced China at the time accused it of allowing hackers to operate on Chinese soil, but the US and UK went a step further, saying the Chinese government was directly responsible.
At the time, Secretary of State Antony J. Blinken said China’s Ministry of State Security was “fostering an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.”
Liu Pengyu, spokesman for the Chinese Embassy, said at the time that the accusation was one of many “baseless attacks”.