Microsoft disrupts activities of a China-based hacking group in 29 countries
The Microsoft Digital Crimes Unit (DCU) has disrupted the activities of a China-based hacking group dubbed Nickel by successfully seizing a set of Nickel-operated websites in 29 countries.
China-based threat actor Nickel, also known as APT15, APT25, and KeChang, has targeted governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, Europe, and North America.
Following a court order from the U.S. District Court for the Eastern District of Virginia, DCU seized a set of websites Nickel was using to attack organizations in the United States and 28 other countries worldwide. According to Microsoft, the seizure of these sites enabled them to cut off Nickel’s access to its victims and prevent the websites from being used to execute attacks.
“We believe these attacks were largely being used for intelligence gathering from government agencies, think tanks, and human rights organizations,” Microsoft said.
By obtaining control of the malicious websites, Microsoft can redirect traffic from those sites to Microsoft’s secure servers that help them “protect existing and future victims while learning more about Nickel’s activities.”
However, Microsoft noted, this will not prevent Nickel from continuing other hacking activities.
“But we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” Microsoft said.
The Microsoft Threat Intelligence Center (MSTIC) has been tracking Nickel since 2016 and analyzing this specific activity since 2019. While Nickel’s techniques are sophisticated and varied, they nearly always had one goal: to insert hard-to-detect malware that facilitates intrusion, surveillance, and data theft.
Nickel has targeted organizations in both private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe, and Africa. Microsoft said there is often a correlation between Nickel’s targets and China’s geopolitical interests.
In addition to the US, the countries in which Nickel has been active include: Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, the United Kingdom, and Venezuela.
More from CyberNews:
Subscribe to our newsletter