Microsoft seizes sites used by APT15 Chinese state hackers (Security News, December 2021)
Microsoft today seized dozens of malicious sites used by the China-based hacking group Nickel to target organizations in the US and 28 other countries worldwide.
"Nickel has targeted organizations in both the private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa," said Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft.
These Chinese-backed hackers use compromised third-party VPN suppliers, credentials stolen in spear-phishing campaigns, and exploits targeting unpatched on-premises Exchange Server and SharePoint servers to hack into their targets' networks.
"To date, in 24 lawsuits - five against nation-state actors - we've taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors," Burt added.
Microsoft's Digital Crimes Unit also disrupted the Iran-backed APT35 threat actor in December 2019 after taking over servers used in its cyber attacks.
Previously, Microsoft filed 15 similar cases against the Russian-backed group Strontium in August 2018, which led to the seizure of 91 malicious domains.