Microsoft seizes domains used by 'highly advanced' hackers in China
The move lets Microsoft sinkhole traffic from infected devices that was bound for the hackers' servers.

The hacking group, which Microsoft calls Nickel, has been on Microsoft's radar since at least 2016, and the company has been tracking the group's current data-theft campaign since 2019. The attacks, against government agencies, think tanks and human rights organizations in the US and 28 other countries, were "highly sophisticated" and used a variety of techniques, including exploiting vulnerabilities in software the targets had not yet patched.

Late last week, Microsoft sought a court order to seize websites Nickel had been using to compromise its targets. A federal court in the Eastern District of Virginia granted the request and unsealed it on Monday. By taking control of the Nickel infrastructure, Microsoft is now "sinkholing" the traffic, meaning it is diverted from Nickel's servers to Microsoft's, which both neutralizes the threat and yields information about how the group and its malware operate. "Obtaining control of the malicious websites and redirecting traffic from those sites to secure Microsoft servers helps us protect current and future victims while learning more about Nickel's activities," Tom Burt, Corporate Vice President of Customer Security and Trust, wrote in a blog post. "Our disruption will not prevent Nickel from continuing other hacking activities, but we believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks."

Targets include both public and private sector organizations, among them diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa. There is often a correlation between the targets and China's geopolitical goals and interests.

Targeted organizations were located in the following other countries: Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, the Czech Republic, the Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, the United Kingdom and Venezuela. Names other security researchers use for Nickel include "KE3CHANG," "APT15," "Vixen Panda," "Royal APT," and "Playful Dragon."

More than 10,000 sites taken down

Last week's legal action was Microsoft's 24th lawsuit against threat actors, five of them nation-state-backed. These complaints have led to the takedown of 10,000 malicious websites used by financially motivated hackers and nearly 600 used by nation-state hackers. Microsoft has also blocked the registration of 600,000 sites that the hackers intended to use in attacks. The company has used several federal laws, including the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the US Trademark Act, as the basis for seizing domain names used for command-and-control servers. Legal action in 2012 led to the seizure of infrastructure used by the Kremlin-backed hacking group Fancy Bear, as well as by state-backed attack groups in Iran, China and North Korea. The software maker has also used such complaints to disable botnets with names like Zeus, Nitol, ZeroAccess, Bamital, and TrickBot.

Further reading: Millions of dynamic DNS users suffer after Microsoft seizes No-IP domains. Microsoft's 2014 legal action against No-IP took more than 1 million legitimate servers offline, leaving a large number of law-abiding users unable to reach benign websites. Microsoft came under heavy criticism for the move.

VPNs, stolen credentials, unpatched servers

In some cases, Nickel compromises targets through third-party VPN providers or steals credentials through phishing. In other cases, the group exploited vulnerabilities that Microsoft had already fixed but that the victims had not yet patched on their on-premises Exchange Server or SharePoint systems. A separate blog post published by the Microsoft Threat Intelligence Center (MSTIC) explains:

MSTIC has observed NICKEL operators using exploits against unpatched systems to compromise remote access services and appliances. Following a successful intrusion, they have used credential dumpers or stealers to obtain legitimate credentials, which they used to gain access to victim accounts. NICKEL actors created and deployed custom malware that allowed them to maintain persistence on victim networks over extended periods of time. MSTIC has also observed NICKEL performing frequent and scheduled data collection and exfiltration from victim networks, and exploiting unpatched SharePoint. They also target remote access infrastructure, such as unpatched VPN appliances, as referenced in the April 2021 FireEye blog detailing a 0-day vulnerability in Pulse Secure VPN that has since been patched. The hackers also used stolen credentials to sign in to targets' Microsoft 365 accounts through normal sign-ins from a browser and through the legacy Exchange Web Services protocol. This activity allowed them to monitor and collect sensitive email. Microsoft also notes that Nickel successfully compromised high-value accounts through commercial VPN providers and actor-controlled infrastructure.

The MSTIC post also offers recommendations for defending against Nickel, along with indicators that administrators can use to determine whether they have been targeted or compromised by the group.
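Two of the behaviours described above leave traces in Microsoft 365 sign-in logs: mailbox access over the legacy Exchange Web Services protocol with stolen credentials, and collection that runs on a fixed schedule rather than at human-irregular times. The script below is an added example written for this page, not code from Microsoft or from the MSTIC post, and it does not implement Microsoft's published indicators. It runs over a handful of constructed sign-in records whose field names follow the Azure AD (Entra ID) sign-in log schema (userPrincipalName, clientAppUsed, ipAddress, createdDateTime, status.errorCode); the sample users, IP addresses, the list of legacy client apps, and the regularity thresholds are all assumptions for illustration.

```python
"""Flag legacy-protocol mailbox sign-ins and clock-regular sign-ins in
Microsoft 365 sign-in records.

Added example for this article, not Microsoft's code or detection logic.
The records below are constructed; field names follow Azure AD sign-in
logs, while the thresholds and client-app list are assumptions.
"""
import json
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Client apps that authenticate with legacy (basic) authentication.
# Assumed list; Exchange Web Services is the one the article describes.
LEGACY_CLIENT_APPS = {
    "Exchange Web Services", "Exchange ActiveSync", "IMAP4", "POP3",
    "Authenticated SMTP", "Other clients",
}

# Constructed sample: one user whose mailbox is read over EWS every day at
# 02:00 UTC from an unfamiliar IP, one normal user, one failed IMAP login.
SAMPLE_SIGNINS = """
{"userPrincipalName": "j.diaz@example.org", "clientAppUsed": "Browser", "ipAddress": "198.51.100.7", "createdDateTime": "2021-11-30T08:12:04Z", "status": {"errorCode": 0}}
{"userPrincipalName": "j.diaz@example.org", "clientAppUsed": "Exchange Web Services", "ipAddress": "203.0.113.45", "createdDateTime": "2021-11-30T02:00:03Z", "status": {"errorCode": 0}}
{"userPrincipalName": "j.diaz@example.org", "clientAppUsed": "Exchange Web Services", "ipAddress": "203.0.113.45", "createdDateTime": "2021-12-01T02:00:11Z", "status": {"errorCode": 0}}
{"userPrincipalName": "j.diaz@example.org", "clientAppUsed": "Exchange Web Services", "ipAddress": "203.0.113.45", "createdDateTime": "2021-12-02T01:59:58Z", "status": {"errorCode": 0}}
{"userPrincipalName": "j.diaz@example.org", "clientAppUsed": "Exchange Web Services", "ipAddress": "203.0.113.45", "createdDateTime": "2021-12-03T02:00:07Z", "status": {"errorCode": 0}}
{"userPrincipalName": "m.okafor@example.org", "clientAppUsed": "Mobile Apps and Desktop clients", "ipAddress": "198.51.100.22", "createdDateTime": "2021-12-01T09:15:41Z", "status": {"errorCode": 0}}
{"userPrincipalName": "m.okafor@example.org", "clientAppUsed": "Mobile Apps and Desktop clients", "ipAddress": "198.51.100.22", "createdDateTime": "2021-12-01T13:02:19Z", "status": {"errorCode": 0}}
{"userPrincipalName": "m.okafor@example.org", "clientAppUsed": "Mobile Apps and Desktop clients", "ipAddress": "198.51.100.22", "createdDateTime": "2021-12-02T10:47:55Z", "status": {"errorCode": 0}}
{"userPrincipalName": "a.lind@example.org", "clientAppUsed": "IMAP4", "ipAddress": "192.0.2.9", "createdDateTime": "2021-12-02T11:30:00Z", "status": {"errorCode": 50126}}
"""


def parse_signins(text):
    """Parse newline-delimited JSON sign-in records into dicts with a parsed timestamp."""
    records = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))
        records.append(rec)
    return records


def legacy_auth_logins(records):
    """Successful sign-ins over legacy protocols, as sorted (user, client app, ip) triples.

    Failed attempts are left out here; they belong in a separate password-spray check.
    """
    return sorted({
        (r["userPrincipalName"], r["clientAppUsed"], r["ipAddress"])
        for r in records
        if r["clientAppUsed"] in LEGACY_CLIENT_APPS and r["status"]["errorCode"] == 0
    })


def scheduled_signins(records, min_events=4, max_jitter=0.05):
    """Return {(user, ip): period_hours} for pairs whose sign-in gaps are nearly constant.

    Interactive use produces irregular gaps; a collector driven by a timer produces
    gaps whose standard deviation is a small fraction of the mean. Thresholds are assumed.
    """
    by_key = defaultdict(list)
    for r in records:
        if r["status"]["errorCode"] == 0:
            by_key[(r["userPrincipalName"], r["ipAddress"])].append(r["ts"])
    hits = {}
    for key, times in by_key.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period > 0 and pstdev(gaps) / period <= max_jitter:
            hits[key] = round(period / 3600, 2)
    return hits


if __name__ == "__main__":
    recs = parse_signins(SAMPLE_SIGNINS)
    for user, app, ip in legacy_auth_logins(recs):
        print(f"legacy auth: {user} via {app} from {ip}")
    for (user, ip), hours in scheduled_signins(recs).items():
        print(f"scheduled: {user} from {ip} every {hours} h")
```

On the constructed sample this reports one legacy-protocol sign-in (j.diaz over Exchange Web Services from 203.0.113.45) and flags the same user/IP pair as signing in every 24 hours; m.okafor's three irregular sign-ins and a.lind's failed IMAP attempt are not flagged. In practice the records would come from a sign-in log export rather than an inline string, and blocking legacy authentication entirely with a Conditional Access policy removes the first class of signal rather than merely detecting it.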