Security News > 2021 > December > Microsoft Seizes 42 Malicious Web Domains Used By Chinese Hackers
Microsoft on Monday announced the seizure of 42 domains used by a China-based cyber espionage group that set its sights on organizations in the U.S. and 28 other countries pursuant to a legal warrant issued by a federal court in the U.S. state of Virginia.
"Nickel has targeted organizations in both the private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa," Microsoft's Corporate Vice President for Customer Security and Trust, Tom Burt, said.
The rogue infrastructure enabled the hacking crew to maintain long-term access to the compromised machines and execute attacks for intelligence gathering purposes targeting unnamed government agencies, think tanks, and human rights organizations as part of a digital espionage campaign dating back to September 2019.
Microsoft painted the cyber assaults as "Highly sophisticated" that used a multitude of techniques, including breaching remote access services and exploiting vulnerabilities in unpatched VPN appliances as well as Exchange Server and SharePoint systems to "Insert hard-to-detect malware that facilitates intrusion, surveillance and data theft."
Upon gaining an initial foothold, Nickel has been found deploying credential dumping tools and stealers such as Mimikatz and WDigest to hack into victim accounts, followed by delivering custom malware that allowed the actor to maintain persistence on victim networks over extended periods of time and conduct regularly scheduled exfiltration of files, execute arbitrary shellcode, and collect emails from Microsoft 365 accounts using compromised credentials.
"As China's influence around the world continues to grow and the nation establishes bilateral relations with more countries and extends partnerships in support of China's Belt and Road Initiative, we assess that China-based threat actors will continue to target customers in government, diplomatic, and NGO sectors to gain new insights, likely in pursuit of economic espionage or traditional intelligence collection objectives," Microsoft said.
News URL
https://thehackernews.com/2021/12/microsoft-seizes-42-malicious-web.html
Related news
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Microsoft says Russian hackers breached its systems, accessed source code (source)
- Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets (source)
- Microsoft: Russian hackers accessed internal systems, code repositories (source)
- Chinese Earth Krahang hackers breach 70 orgs in 23 countries (source)
- CISA shares critical infrastructure defense tips against Chinese hackers (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- A “cascade” of errors let Chinese hackers into US government inboxes (source)
- U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)