Microsoft announced that it has seized dozens of domains used by the China-based APT group it calls Nickel in attacks on governments and NGOs across the Americas, Europe, and the Caribbean.
Microsoft Has Tracked Nickel Since 2016
In a recent blog post, Tom Burt, a Microsoft vice president, said that the Microsoft Digital Crimes Unit and the Microsoft Threat Intelligence Center have been tracking Nickel since 2016. A federal court in Virginia has now granted the company's request to seize websites that were being used to attack organizations in the US and other countries.
Burt said that on December 2, Microsoft filed lawsuits in the US District Court for the Eastern District of Virginia seeking to cut off Nickel's access to its victims and to prevent the seized websites from being used to execute attacks. Burt said Microsoft believes the attacks were largely intended to gather intelligence from government agencies, think tanks, and human rights organizations.
Malware Targeting Governments
The attacks involved planting hard-to-detect malware that enables intrusion, surveillance, and data theft. The malware targeted organizations in Barbados, Argentina, Bosnia and Herzegovina, Bulgaria, Brazil, Chile, Croatia, Colombia, Dominican Republic, Czech Republic, El Salvador, Ecuador, Guatemala, Hungary, Honduras, Italy, Jamaica, Mexico, Montenegro, Mali, Peru, Switzerland, Panama, Portugal, Trinidad and Tobago, Venezuela, the UK, and the US.
The Microsoft Threat Intelligence Center found that Nickel at times compromised VPN suppliers and stole large numbers of credentials. In other instances, the group took advantage of Exchange Server and SharePoint systems.
Other Names for 'Nickel'
According to ZDNet, the company said that no new vulnerabilities in Microsoft products were used as part of the attacks. Once inside a network, however, the attackers looked for ways to gain access to higher-value accounts or other footholds within the environment.
Microsoft said it observed Nickel actors using WDigest, Mimikatz, NTDSDump, and other password dumping tools during the attacks. Burt said that others in the security community have also tracked the group under other names, including APT15, KE3CHANG, Vixen Panda, Playful Dragon, and Royal APT.
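The WDigest reference above concerns the Windows WDigest authentication provider: when its credential caching is enabled, plaintext logon credentials remain in LSASS memory, which is what password dumping tools such as Mimikatz read out. As an added defender-side example (not code from the article or from Microsoft), the following PowerShell audits the UseLogonCredential registry value on the local machine and reports whether plaintext caching is on. The registry path and value name are the documented Windows ones; the function names are my own.

```powershell
# Added example: audit and remediate WDigest plaintext credential caching.
# Registry location and value name are the documented Windows ones.
$WDigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'

function Get-WDigestCachingStatus {
    [CmdletBinding()]
    param()

    # The value may be absent. On Windows 8.1 / Server 2012 R2 and later,
    # absence means caching is off; on older builds with the KB2871997 update,
    # the value must be explicitly set to 0, so 'not set' deserves a closer look.
    $value = (Get-ItemProperty -Path $WDigestKey -Name 'UseLogonCredential' `
              -ErrorAction SilentlyContinue).UseLogonCredential

    [PSCustomObject]@{
        ComputerName       = $env:COMPUTERNAME
        UseLogonCredential = if ($null -eq $value) { 'not set' } else { $value }
        PlaintextCaching   = ($value -eq 1)   # 1 = plaintext credentials cached in LSASS
    }
}

function Disable-WDigestCaching {
    # Explicitly set the value to 0 so caching stays off regardless of build default.
    # Requires an elevated session.
    if (-not (Test-Path $WDigestKey)) {
        New-Item -Path $WDigestKey -Force | Out-Null
    }
    Set-ItemProperty -Path $WDigestKey -Name 'UseLogonCredential' -Value 0 -Type DWord
}

# Usage: report the current state and warn if remediation is needed.
$status = Get-WDigestCachingStatus
$status | Format-List
if ($status.PlaintextCaching) {
    Write-Warning 'WDigest plaintext credential caching is enabled; run Disable-WDigestCaching from an elevated session.'
}
```

Run the audit across a fleet by invoking Get-WDigestCachingStatus through your existing remoting or configuration-management channel and collecting the returned objects; a value of 1 (or an unexpected change from 0 to 1) on a server is worth treating as a detection signal, since enabling the setting is a common step before credential dumping.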
Microsoft Plans to Take Down 10,000 Malicious Websites from Cybercriminals
Burt also noted that nation-state attacks continue to grow in both number and sophistication. Microsoft's goals in the case are to take down malicious infrastructure, better understand actor tactics, protect its customers, and inform the broader debate about acceptable norms in cyberspace.
Microsoft has previously taken similar action against Barium, operating from China; Strontium, from Russia; Thallium, from North Korea; and Phosphorus, from Iran. Burt added that Microsoft has filed 24 lawsuits allowing it to take down over 10,000 malicious websites used by cybercriminals and around 600 used by nation-state groups.
This article is owned by Tech Times
Written by Urian B.