Security News > 2021 > December > Microsoft seizes sites used by APT15 Chinese state hackers

Microsoft seized today dozens of malicious sites used by the Nickel China-based hacking group to target organizations in the US and 28 other countries worldwide.

"Nickel has targeted organizations in both the private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa," said Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft.

These Chinese-backed hackers use compromised third-party VPN suppliers, credentials stolen in spear-phishing campaigns, and exploits targeting unpatched on-premises Exchange Server and SharePoint servers to hack into their targets' networks.

"To date, in 24 lawsuits - five against nation-state actors - we've taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors," Burt added.

Microsoft's Digital Crimes Unit also disrupted the Iran-backed APT35 threat actor in December 2019 after taking over servers used in its cyber attacks.

Previously, Microsoft filed 15 similar cases against the Russian-backed group Strontium in August 2018, which led to the seizure of 91 malicious domains.

News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-seizes-sites-used-by-apt15-chinese-state-hackers/