In a press release, Microsoft said a federal judge in Virginia had granted the company’s request to let its Digital Crimes Unit seize control of websites hosted in the United States and operated by a hacking group known as Nickel or APT15. To “assist us in protecting current and prospective victims while learning more about Nickel’s actions,” the company is redirecting traffic from those sites to secure Microsoft servers.
Microsoft says it has been tracking Nickel since 2016 and has determined that the group’s “extremely sophisticated” attacks were designed to install malware that enables surveillance and data theft while remaining undetected by the victim.
In this most recent campaign, Nickel targeted organisations in 29 countries and is suspected of using the information it gathered “for intelligence gathering from government agencies, think tanks, universities, and human rights organisations,” according to Tom Burt, Microsoft’s corporate vice president of customer security and trust. Microsoft did not specify which organisations had been targeted.
On Monday, Microsoft released court documents detailing how the hackers reached users through techniques such as compromising third-party virtual private network providers and phishing, in which an attacker poses as a trusted entity to obtain information such as a password.
According to the company, Nickel used those tactics to infect a user’s computer with malware, after which the PC would connect to the malicious websites that Microsoft has now taken over.
In its lawsuit, Microsoft asserted that the process, which involved hacking into computers and making changes to Microsoft operating systems while posing as Microsoft at times, “involves abuse of Microsoft’s trademarks and brands, as well as trickery of users by presenting them with an unpermitted, modified version of Windows.”
Ultimately, the court found that Microsoft’s claims were justified and that the websites, which were registered in Virginia, should be turned over to Microsoft for investigation.
As the court said in its ruling, “there is reasonable grounds to think that the defendants’ continuing breaches would result in imminent and irreparable injury unless defendants are restrained and enjoined by order of this court.”
According to Mr. Burt, the disruption will not prevent Nickel from continuing its hacking operations, but Microsoft believes it has taken down a critical element of the infrastructure the group has been relying on for this latest series of attacks.
Through its investigation, Microsoft found that the group often targeted regions where China has a geopolitical interest. Nickel targeted diplomatic organisations and foreign affairs ministries in the Western Hemisphere, Europe, and Africa, among others, according to the company’s statement.
Microsoft’s Digital Crimes Unit says it has taken down more than 10,000 websites used by cybercriminals and over 600 websites used by nation-state actors, filed 24 lawsuits, and blocked the registration of 600,000 more domain names.
John Hammond, a researcher at the cybersecurity firm Huntress Labs, said Microsoft’s action against the websites was an excellent example of “proactive defence against cybercrime.”
According to Mr. Hammond, “Microsoft’s response is an excellent example of taking such preventative measures before threat actors do further harm.” He also said that the action “sends a signal to the aggressor when critical infrastructure is brought down.”
In July, the Biden administration accused China of being behind a hacking campaign earlier this year that compromised a Microsoft email service used by some of the world’s largest corporations and governments.
Some of the European nations that criticised China at the time said the country had allowed hackers to operate from its soil; the United States and the United Kingdom went further, claiming that the Chinese government was directly involved.
A spokeswoman for the Chinese Embassy at the time, Liu Pengyu, said that the charge was just one of many “baseless accusations” against the country.