Security News > 2021 > December > Microsoft seizes sites used by APT15 Chinese state hackers
Microsoft seized today dozens of malicious sites used by the Nickel China-based hacking group to target organizations in the US and 28 other countries worldwide.
"Nickel has targeted organizations in both the private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa," said Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft.
These Chinese-backed hackers use compromised third-party VPN suppliers, credentials stolen in spear-phishing campaigns, and exploits targeting unpatched on-premises Exchange Server and SharePoint servers to hack into their targets' networks.
"To date, in 24 lawsuits - five against nation-state actors - we've taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors," Burt added.
Microsoft's Digital Crimes Unit also disrupted the Iran-backed APT35 threat actor in December 2019 after taking over servers used in its cyber attacks.
Previously, Microsoft filed 15 similar cases against the Russian-backed group Strontium in August 2018, which led to the seizure of 91 malicious domains.
News URL
Related news
- Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers (source)
- U.S. org suffered four month intrusion by Chinese hackers (source)
- Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (source)
- Microsoft dangles $10K for hackers to hijack LLM email service (source)
- Chinese hackers use Visual Studio Code tunnels for remote access (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- White House links ninth telecom breach to Chinese hackers (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- US sanctions Chinese company linked to Flax Typhoon hackers (source)