Security News > 2021 > December > Microsoft seizes sites used by APT15 Chinese state hackers
Microsoft seized today dozens of malicious sites used by the Nickel China-based hacking group to target organizations in the US and 28 other countries worldwide.
"Nickel has targeted organizations in both the private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa," said Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft.
These Chinese-backed hackers use compromised third-party VPN suppliers, credentials stolen in spear-phishing campaigns, and exploits targeting unpatched on-premises Exchange Server and SharePoint servers to hack into their targets' networks.
"To date, in 24 lawsuits - five against nation-state actors - we've taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors," Burt added.
Microsoft's Digital Crimes Unit also disrupted the Iran-backed APT35 threat actor in December 2019 after taking over servers used in its cyber attacks.
Previously, Microsoft filed 15 similar cases against the Russian-backed group Strontium in August 2018, which led to the seizure of 91 malicious domains.
News URL
Related news
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- Chinese hackers breached T-Mobile's routers to scope out network (source)