Security News > 2021 > December > Microsoft seizes sites used by APT15 Chinese state hackers
Microsoft seized today dozens of malicious sites used by the Nickel China-based hacking group to target organizations in the US and 28 other countries worldwide.
"Nickel has targeted organizations in both the private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa," said Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft.
These Chinese-backed hackers use compromised third-party VPN suppliers, credentials stolen in spear-phishing campaigns, and exploits targeting unpatched on-premises Exchange Server and SharePoint servers to hack into their targets' networks.
"To date, in 24 lawsuits - five against nation-state actors - we've taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors," Burt added.
Microsoft's Digital Crimes Unit also disrupted the Iran-backed APT35 threat actor in December 2019 after taking over servers used in its cyber attacks.
Previously, Microsoft filed 15 similar cases against the Russian-backed group Strontium in August 2018, which led to the seizure of 91 malicious domains.
- Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit (source)
- Researchers Trace Widespread Espionage Attacks Back to Chinese 'Cicada' Hackers (source)
- Chinese hackers abuse VLC Media Player to launch malware loader (source)
- Chinese Hacker Groups Continue to Target Indian Power Grid Assets (source)
- Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers (source)
- Chinese hackers behind most zero-day exploits during 2021 (source)
- Chinese state-backed hackers now target Russian state officers (source)
- Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware (source)
- Chinese "Override Panda" Hackers Resurface With New Espionage Attacks (source)
- Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector (source)