Date: 2021-12-07



Microsoft said Monday it had seized 42 websites from a group of Chinese hackers in a bid to disrupt the group's intelligence-gathering operations. The company said in a press release that a federal court in Virginia had approved Microsoft's request to allow its Digital Crimes Unit to take over the U.S.-based websites, which were run by a group of hackers known as Nickel or APT15. Microsoft said it was redirecting the websites' traffic to secure Microsoft servers "to help us protect existing and future victims as we learn more about Nickel's activities." Microsoft said it had been tracking Nickel since 2016 and had found that its highly sophisticated attacks aimed to install hard-to-detect malware that enabled surveillance and data theft. In the latest case, Nickel was attacking organizations in 29 countries and was believed to be gathering intelligence from government agencies, think tanks, universities and human rights organizations, Tom Burt, Microsoft's corporate vice president for customer security and trust, said in the press release. Microsoft did not name the organizations that were targeted.

In court documents unsealed Monday, Microsoft gave a detailed account of how the hackers targeted users through techniques such as compromising third-party virtual private network providers and phishing, in which an attacker poses as a trusted entity, often in an attempt to trick someone into providing information such as a password. After using these methods to install malware on a user's computer, the company said, Nickel would connect the computer to the malicious websites that Microsoft has since seized. The company argued that this process, because it involves breaking into computers, making changes to Microsoft operating systems and sometimes posing as Microsoft, amounts to abuse of Microsoft's trademarks and brands and misleads users by presenting them with an unauthorized, modified version of Windows. In its ruling, the court agreed to issue a temporary restraining order against the hackers and to transfer the websites, which were registered in Virginia, to Microsoft. "There is good cause to believe that, unless the defendants are restrained and enjoined by order of this court, immediate and irreparable harm will result from the defendants' continuing violations," the court wrote in its decision.

Microsoft said it had not discovered any new vulnerabilities in its products related to the attacks.

Updated December 6, 2021, 6:10 pm ET

"Our disruption will not prevent Nickel from continuing other hacking activities, but we believe we have removed a key piece of infrastructure the group has been relying on for this latest wave of attacks," Mr. Burt said. Microsoft said it had found that the group often targeted regions in which China has a geopolitical interest. Nickel has targeted diplomatic organizations and foreign ministries in the Western Hemisphere, Europe and Africa, among other groups, the company said. The company said its Digital Crimes Unit, through 24 lawsuits, had taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 used by state actors, and had blocked the registration of 600,000 others. John Hammond, a researcher at the cybersecurity company Huntress Labs, said Microsoft's move against the websites was a good example of proactive defense against cybercrime. "The move by Microsoft is a great example of making those preventive efforts before threat actors do more harm," Mr. Hammond said, adding that it sends a signal to the attacker when key infrastructure goes offline. U.S. cybersecurity agencies have warned that Chinese hacking poses a major threat to the United States and its allies.

In July, the Biden administration accused the Chinese government of being responsible for a hacking campaign this year that compromised a Microsoft email service used by some of the world's largest companies and governments. Some of the European governments that condemned China at the time accused it of allowing hackers to operate on Chinese territory, but the United States and Britain went a step further, saying the Chinese government was directly responsible. China's Ministry of State Security "has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain," then-Secretary of State Antony J. Blinken said. Liu Pengyu, a spokesman for the Chinese Embassy, said at the time that the charge was one of many baseless attacks.

