Microsoft says it removed a key piece of infrastructure that a hacking group was relying on to execute a wave of attacks.
Microsoft on Monday said its digital crime unit obtained authorization from a federal court to seize multiple websites that a Chinese hacking group was using to target organizations in the US and 28 other countries. The hacking group, dubbed Nickel, was using the sites to execute attacks “for intelligence gathering from government agencies, think tanks and human rights organizations,” Microsoft said in a blog post.
“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” the company said, adding that it believes it’s “removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks.”
Microsoft said it’s been tracking Nickel since 2016 and noted that the hacking group’s method is to “insert hard-to-detect malware that facilitates intrusion, surveillance and data theft.” According to Microsoft’s observations of Nickel’s activity, the hacking group sometimes accomplishes this via compromised virtual private networks, data obtained from spear-phishing attacks or “exploits targeting unpatched on-premises Exchange Server and SharePoint systems.”
Microsoft confirmed that it seized 42 websites used in the attacks, a figure earlier reported by The New York Times. The company’s action against the Nickel hacking group comes as the Biden administration takes steps to bolster US cybersecurity efforts.