The ongoing battle against hackers has seen a new development. Microsoft has seized control of servers belonging to a China-based hacking group. Dubbed “Nickel,” the hacking group has been targeting government agencies and human rights organizations in the U.S. and 28 other countries. According to Microsoft, the group is highly sophisticated and has been operating since at least 2016. Now that Microsoft possesses the servers, the company will divert traffic away from them to keep its targets safe. - IT Business
Microsoft’s Digital Crimes Unit has seized control of 42 websites operated by a China-based hacking group dubbed Nickel, disrupting their ongoing attacks targeting organisations globally, the company said in a blog post.
The software giant noted that it took down the servers of Nickel, which targeted governments, diplomatic entities, and non-governmental organisations in 29 countries, following a federal court order granting it permission for the seizure.
“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” the tech firm said, adding that the disruption will not prevent Nickel from continuing other hacking activities.
The Microsoft Threat Intelligence Center has been tracking Nickel since 2016 and analysing the group’s current operations since 2019.
According to the company, Nickel exploited unpatched systems to compromise remote access services and appliances; after gaining access, it obtained legitimate credentials and used them to get into victim accounts.
The group also created and deployed custom malware that allowed it to maintain persistence on victim networks over extended periods, enabling it to perform frequent and scheduled data collection and exfiltration from victim networks, Microsoft explained.
Its implants can collect system information, like IP address, OS version, system language ID, computer name, and signed-in username.
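The behaviour described above, a long-lived implant that collects and exfiltrates data on a fixed schedule, leaves a recognisable trace in outbound connection logs: the same host contacting the same destination at near-constant intervals. The following is an added example from a defender's point of view, not Microsoft's detection logic or any signature from its products; the proxy log format, the host and domain names, and the thresholds (minimum event count, allowed timing jitter) are all assumptions, and the log lines are constructed.

```python
"""Flag host-to-destination connection series whose inter-arrival times are
nearly constant, the pattern expected from scheduled collection/exfiltration
implants. Added example; log format and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines (assumed format: ISO timestamp, source host,
# destination domain, bytes sent). Not real telemetry from any incident.
SAMPLE_LOG = """\
2021-12-01T02:00:03 WS-014 updates.example-cdn.test 1024
2021-12-01T02:00:05 WS-014 telemetry.example.test 48231
2021-12-01T02:30:04 WS-014 telemetry.example.test 47990
2021-12-01T03:00:06 WS-014 telemetry.example.test 48410
2021-12-01T03:30:05 WS-014 telemetry.example.test 48102
2021-12-01T04:00:05 WS-014 telemetry.example.test 48377
2021-12-01T02:13:11 WS-014 updates.example-cdn.test 2048
2021-12-01T02:41:53 WS-014 updates.example-cdn.test 512
2021-12-01T03:58:30 WS-014 updates.example-cdn.test 4096
2021-12-01T02:05:00 WS-022 mail.example.test 9000
"""


def parse_log(text):
    """Parse log text into (timestamp, host, destination, bytes_sent) tuples.
    Malformed lines are skipped rather than aborting the whole run."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            sent = int(parts[3])
        except ValueError:
            continue
        records.append((ts, parts[1], parts[2], sent))
    return records


def find_periodic_connections(records, min_events=4, max_jitter=0.05, min_bytes=0):
    """Group records by (host, destination) and return the series whose
    connection intervals are nearly constant.

    max_jitter is the allowed ratio of the standard deviation of the
    intervals to their mean; a scheduled task produces a ratio near zero,
    while interactive or browsing traffic is far more irregular.
    Result: {(host, dst): {"interval_s": int, "events": int, "bytes": int}}
    """
    series = defaultdict(list)
    for ts, host, dst, sent in records:
        series[(host, dst)].append((ts, sent))

    hits = {}
    for key, events in series.items():
        if len(events) < min_events:
            continue  # too few samples to call anything periodic
        events.sort()  # chronological order before computing gaps
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; cannot measure an interval
        jitter = pstdev(gaps) / avg
        total = sum(sent for _, sent in events)
        if jitter <= max_jitter and total >= min_bytes:
            hits[key] = {"interval_s": round(avg), "events": len(events), "bytes": total}
    return hits


if __name__ == "__main__":
    for (host, dst), info in find_periodic_connections(parse_log(SAMPLE_LOG)).items():
        print(f"{host} -> {dst}: every {info['interval_s']}s, "
              f"{info['events']} connections, {info['bytes']} bytes")
```

In the constructed sample the 30-minute series from WS-014 to telemetry.example.test is flagged, while the same host's irregular connections to the CDN domain are not. In practice the thresholds need tuning against legitimate scheduled traffic (update checks, monitoring agents), and a hit is a lead for triage, not proof of compromise; correlating it with the credential use and remote-access exposure described in the article is what turns it into a finding.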
“There is often a correlation between Nickel’s targets and China’s geopolitical interests,” the Redmond-based firm said. “We assess that China-based threat actors will continue to target customers in government, diplomatic, and NGO sectors to gain new insights, likely in pursuit of economic espionage or traditional intelligence collection objectives,” it added.
Nickel is also referred to by other names, such as KE3CHANG, APT15, Vixen Panda, Royal APT and Playful Dragon. Microsoft noted it has created unique signatures to detect and protect against known Nickel activity through its security products.
Source - The Hindu