Microsoft says it disrupts activities of China-based hacking group
Washington, US: The corporate vice president of Microsoft's Customer Security and Trust (CST) team, Tom Burt, said Microsoft Digital Crimes Unit (DCU) has disrupted the activities of a China-based hacking group that has been termed "Nickel" by the American multinational technology company.
In his blog post, Tom said: "In documents that were unsealed today, a federal court in Virginia has granted our request to seize websites Nickel was using to attack organizations in the United States and 28 other countries around the world, enabling us to cut off Nickel’s access to its victims and prevent the websites from being used to execute attacks."
"We believe these attacks were largely being used for intelligence gathering from government agencies, think tanks and human rights organizations," he added.
We have used legal process to seize control of malicious websites used by Nickel to target dozens of government organizations, think tanks, and human rights organizations in 29 countries. (2/3) https://t.co/T6AqoxOxKK— Tom Burt (@TomBurt45) December 6, 2021
On Dec 2, Microsoft filed pleadings with the US District Court for the Eastern District of Virginia seeking authority to take control of the sites.
The court quickly granted an order that was unsealed today following completion of service on the hosting providers.
Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities.
"Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks," Tom said.
He said Microsoft’s DCU has been a 'pioneer' in using this legal strategy against cybercriminals, and more recently, against nation-state hackers.
"To date, in 24 lawsuits – five against nation-state actors – we’ve taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors. We have also successfully blocked the registration of 600,000 sites to get ahead of criminal actors that planned to use them maliciously in the future," Tom said.