Tech giant, Microsoft has disrupted the movements of China-backed hackers, seizing control of the malicious websites the group used to infiltrate organizations in the US and 28 other nations around the world.
The Microsoft Digital Crimes Unit (DCU) announced in a statement that a federal court in Virginia granted its request to seize websites of the China-backed hackers referred to as ‘Nickel’, allowing the firm to cut off Nickel’s access to its victims and stop these malicious websites from being employed to execute attacks.
These China-backed Hackers Were Working to Gather Intelligence from Different Organizations
“We believe these attacks were for the most part being employed for intelligence gathering from government agencies, think tanks, and human rights organizations,” said Tom Burt, Company Vice President, Customer Security, and Trust at Microsoft. Gaining control of the malicious websites of the China-backed hackers and redirecting traffic from those websites to Microsoft’s secure servers will facilitate the company to defend existing and future sufferers while uncovering more about Nickel’s actions.
Read more: Microsoft to Shut Down LinkedIn Social Media Service in China
“Our disruption will not prevent China-backed hackers, Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been counting on for this latest wave of attacks,” Burt told late on Monday. Till now, in 24 lawsuits – five against nation-state actors — Microsoft has taken down over 10,000 malicious websites employed by cybercriminals and almost 600 sites employed by nation-state players.
Microsoft Blocked the Registration of 600,000 Websites to Prevent Future Attacks
“We have also with success blocked the registration of 600,000 sites to induce ahead of criminal actors that planned to use them maliciously in the future,” the tech giant informed. In some observed activities, China-backed hackers, Nickel malware employed exploits targeting unpatched on-premises Exchange Server and SharePoint systems.
“However, we have not discovered any new vulnerabilities in Microsoft product as a part of these attacks. Microsoft has created unique signatures to discover and defend from renowned Nickel activity through our security products, like Microsoft 365 Defender,” the company further informed. Moreover, China-backed hackers, Nickel has targeted organizations in both the personal and public sectors, as well as diplomatic structures and ministries of external affairs in North America, Central America, South America, the Caribbean, Europe, and Africa.
Source: TechCrunch