Microsoft seized domains used by the APT15 Chinese cyberespionage group

On 6th December 2021 Microsoft seized malicious sites used by APT15 (also known as Nickel, KE3CHANG, Vixen Panda, Royal APT, and Playful Dragon), which targets organizations in the US and 28 other countries.

APT15 has been targeting public and private sector organizations and ministries of foreign affairs in a number of countries. The group has been active in countries including Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, the United Kingdom and many others. Its main objective is to deploy malware on compromised servers, monitor victims’ activities and collect data.

“The Microsoft Digital Crimes Unit (DCU) has disrupted the activities of a China-based hacking group that we call Nickel. In documents that were unsealed today, a federal court in Virginia has granted our request to seize websites Nickel was using to attack organizations in the United States and 28 other countries around the world, enabling us to cut off Nickel’s access to its victims and prevent the websites from being used to execute attacks.”

“We believe these attacks were largely being used for intelligence gathering from government agencies, think tanks and human rights organizations.” said Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft.

After the US District Court for the Eastern District of Virginia granted the order for the complaint filed on 2nd December, Microsoft took down Nickel’s infrastructure.

“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities. Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” Tom Burt further commented.

To date, Microsoft has taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors in around 24 lawsuits, and has successfully blocked the registration of 600,000 sites to get ahead of criminal actors that planned to use them maliciously in the future.
