Microsoft said Monday it had seized 42 websites belonging to a Chinese hacking group in an attempt to disrupt the group’s intelligence-gathering activities.
The company said in a press release that a federal court in Virginia had granted Microsoft’s request to allow its Digital Crimes Unit to take over U.S. websites, which were operated by a hacker group known as Nickel or APT15. The company redirects traffic from the websites to secure Microsoft servers to “help us protect existing and future victims while learning more about Nickel’s activities.”
Microsoft said it had been tracking Nickel since 2016 and had discovered that its “highly sophisticated” attacks were designed to install stealthy malware that enabled surveillance and data theft.
In this most recent case, Nickel attacked organizations in 29 countries, and Microsoft believes it was using the information it collected “to gather intelligence from government agencies, think tanks, universities and human rights groups,” Tom Burt, Microsoft’s corporate vice president of customer security and trust, said in the press release. Microsoft did not name the organizations targeted.
In court documents unsealed Monday, Microsoft detailed how the hackers targeted users through techniques such as compromising third-party virtual private networks and phishing, in which a hacker impersonates a trusted entity, often in an attempt to get someone to provide information such as a password.
After using those strategies to install malware on a user’s computer, the company said, Nickel would connect the computer to the malicious websites Microsoft has since seized.
The company argued that because the lawsuit involved hacking into computers, making changes to Microsoft operating systems and at times masquerading as Microsoft, “there is a misuse of Microsoft’s trademarks and brands, and it misleads users by presenting an unauthorized, modified version of Windows to those users.”
In its decision, the court agreed to issue a temporary restraining order against the hackers and hand over the Virginia-registered websites to Microsoft.
“There is good reason to believe that unless defendants are enjoined by order of this court, immediate and irreparable harm will result from the defendants’ continued violations,” the court wrote in its decision.
Microsoft said it had discovered no new vulnerabilities in its products related to the attacks.
“Our disruption won’t stop Nickel from continuing other hacking activities, but we do believe we’ve removed a key piece of infrastructure the group has relied on for this latest wave of attacks,” said Mr. Burt.
Microsoft said it had found that the group often targeted regions in which China has a geopolitical interest. Nickel has targeted diplomatic organizations and foreign ministries in the Western Hemisphere, Europe and Africa, among others, the company said.
The company said its Digital Crimes Unit, through 24 lawsuits, had removed more than 10,000 malicious websites used by cybercriminals and nearly 600 used by nation-state actors, and had blocked the registration of another 600,000.
John Hammond, a researcher at the cybersecurity firm Huntress Labs, said Microsoft’s action against the websites was a good example of “proactive protection against cybercrime.”
“This move by Microsoft is a great example of taking preventative efforts before threat actors do more damage,” said Mr. Hammond, adding that it “sends a signal to the aggressor when key infrastructure is taken offline.”
US cybersecurity agencies have warned that Chinese hacking poses a “major threat” to the United States and its allies.
In July, the Biden administration accused the Chinese government of being responsible for a hacking campaign this year that compromised a Microsoft email service used by some of the world’s largest companies and governments.
Some of the European governments that condemned China at the time accused it of allowing hackers to operate on Chinese soil, but the United States and Britain went one step further, saying the Chinese government was directly responsible.
China’s Ministry of State Security “has fostered an ecosystem of criminal contract hackers who engage in both state-sponsored activities and cybercrime for their own financial gain,” Secretary of State Antony J. Blinken said at the time.
Liu Pengyu, a spokesman for the Chinese Embassy, said the accusation was one of many “baseless attacks.”