Microsoft Seizes Domains Used By Chinese Cyber-Espionage Group ‘Nickel’

An anonymous reader quotes a report from The Record: Microsoft said today that its legal team has successfully obtained a court warrant that allowed it to seize 42 domains used by a Chinese cyber-espionage group in recent operations that targeted organizations in the US and 28 other countries. Tracked by Microsoft as Nickel, but also known under other names such as APT15, Mirage, or Vixen Panda, Ke3Chang, and others, the group has been active since 2012 and has conducted numerous operations against a broad set of targets. Tom Burt, Microsoft VP of Customer Security & Trust, said today that the recent domains had been used for “intelligence gathering” from government agencies, think tanks, and human rights organizations.

Burt said the seized domains were being used to gather information and data from the hacked organizations. “Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” Burt said in a blog post today announcing the company’s legal action against Nickel domains. “Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” he added. According to Burt, the group’s victims had been hacked using compromised third-party virtual private network (VPN) suppliers or stolen credentials obtained from spear-phishing campaigns, which is in tune with similar industry reports detailing recent tactics used by Chinese espionage groups, in general.