The hacker group, which Microsoft has dubbed Nickel, has been in the Microsoft spotlight since at least 2016, and the software company has been tracking its disruptive data-collection campaign since 2019. Attacks - against government agencies, think tanks, and human rights organizations in the US And another 28 countries were "too complex" and used a variety of techniques, including exploiting weaknesses in software for which targets still need to be fixed. out
Late last week, Microsoft sought a court order to ban websites that Nickel had used to compromise its targets. An Eastern Virginia District Court upheld the request and overturned the ruling on Monday. By controlling the Nickel infrastructure, Microsoft now "sumps" traffic, meaning it's diverting from Nickel and Microsoft servers, which can neutralize the threat and obtain information about how the group and its software operate. p> “Control malware. Websites and redirecting traffic from those sites to secure Microsoft servers help us protect current and future victims while learning more about nickel activity,” wrote Tom Burt, Vice President of Security and Customer Trust.». In a blog post, “Our disruption does not prevent other hacking activities from continuing, but we believe we have removed a key part of the infrastructure on which the group relied in this latest wave of attacks.” p> Advertising
Target sectors include the public and private sectors, including diplomatic missions and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa. There has often been a correlation between China's geopolitical goals and interests.
The target organizations were located in other countries, including Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia and the Czech Republic. , Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, United Kingdom, Venezuela. p> < p Messages used by other nickel security researchers include "KE3CHANG," "APT15," "Vixen Panda," "Royal APT," and "Playful Dragon."
More than 10,000 sites have been removed. h2>
Microsoft's legal action last week was the company's 24th lawsuit against threats, five of which are state-backed. These complaints led to the removal of 10,000 malicious websites used by financially motivated hackers and nearly 600 websites used by national government hackers. Microsoft also banned the registration of 600,000 sites that the hackers intended to use in the attacks. He used several federal laws—including the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the US Trademark Act—as a way to seize domain names used for command and control servers. Legal action in 2012 led to the seizure of infrastructure used by the Kremlin-backed hacker group Fancy Bear, as well as state-backed attack groups in Iran, China and North Korea. The software maker has also used complaints to disable botnets with names like Zeus, Nitol, ZeroAccess, Bamatal, and TrickBot.
Study More Millions of Dynamic DNS users suffer after Microsoft No-IP domains are banned. Microsoft's legal action in 2014 removed more than 1 million legitimate servers based on No-IP.com, increasing the volume. A large number of law-abiding people who are unable to access benign websites. Microsoft has come under heavy criticism for the move.
VPNs, Stolen Credentials, Unmodified Servers
In some cases, Nickel hacks targets using third-party VPN providers or steals credit through phishing. In other cases, the group used vulnerabilities that Microsoft had fixed, but the victims had not yet installed them on internal Exchange Server or SharePoint systems. A separate blog post published by the Microsoft Threat Information Center explains:Advertising
MSTIC has determined that NICKEL operators are using exploits against unmodified systems to compromise remote access services and devices. After a successful hack, they used credit cultivators or thieves to obtain legal credentials, which they used to gain access to the victim's accounts. NICKEL representatives created and deployed custom malware that allowed them to remain on victims' networks for extended periods of time. MSTIC also noted that NICKEL collects recurring and scheduled data and exits victim networks, and that unmodified SharePoint is vulnerable. They also attack remote access infrastructure, such as patched VPNs, as detailed in the April 2021 FireEye blog detailing a 0-day vulnerability in Pulse Secure VPN that has since been fixed. p>
This latest blog offers suggestions for avoiding Nickel attacks as well as tags managers can use to identify . If they are targeted or hacked by a hacker group. p>
With the precise deployment of the James Webb Space Telescope in its final orbit, the Lagrangian point halo orbit is the last step in a month-long jou...
There have been many rumors in recent months about Apple trying to discard Samsung-made displays. In 2020, there were some reports of the use of scree...
Samsung Galaxy S22 series phones will be introduced soon along with Exynos 2200 and Snapdragon 8 generation 1 chips. Meanwhile, it seems that Samsung ...
Entrepreneurship is a really complex subject. If entrepreneurs do not always do their best, they are more likely to fail. Research has shown that more...