Bbabo NET


Microsoft announced the hijacking of Chinese hacker sites

Microsoft said it was able to gain control of a number of websites that were used by a supposedly Chinese government-backed hacker group to attack organizations in 29 countries, including the United States.

Microsoft's Digital Crimes Unit (DCU) reported that a federal court in Virginia has issued an order allowing the company to take control of the websites and redirect their traffic to Microsoft's servers. According to the company, the malicious sites were used by a state-sponsored hacking group known as Nickel, or APT15, to collect intelligence from government agencies, think tanks and human rights organizations.

Microsoft, which has been tracking Nickel since 2016 and previously described it as one of the “most active” hacker groups targeting government agencies, said it had seen “highly sophisticated” attacks that installed hard-to-detect malware. In some cases, according to the company, the attacks used compromised third-party virtual private network (VPN) providers and credentials obtained in targeted phishing campaigns, while in others the attackers exploited vulnerabilities in Microsoft Exchange and SharePoint to penetrate corporate networks.

“Taking control of malicious websites and redirecting traffic from those sites to secure Microsoft servers will help us protect existing and future victims while learning more about Nickel's activities,” wrote Tom Burt, Microsoft's vice president for customer security and trust. He noted that the company's actions will not stop Nickel from continuing to hack, but Microsoft is confident that it has removed a key piece of infrastructure that the group relied on for this latest wave of attacks.

In addition to the US, according to Microsoft, the group targeted organizations in Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, United Kingdom and Venezuela.

Microsoft said its digital crime unit has blocked more than 10,000 malicious websites used by cybercriminals and nearly 600 government websites. Earlier this year, the team took control of malicious web domains that were used in a large-scale phishing cyberattack targeting victims in 62 countries.

In March, Microsoft announced an attack on Microsoft Exchange Server. According to the company, the hacker group Hafnium was behind the hack. As a result of the attack, tens of thousands of organizations were compromised in the United States alone. In July, NATO and the US government publicly accused China's Ministry of State Security of a cyberattack on Microsoft Exchange.

According to Microsoft, from July 2020 to June 2021, 58% of all cyberattacks originated from Russia. Chinese hackers are less active, the company noted, but are almost always successful: China accounted for less than 10% of attacks carried out with government support, but in 44% of cases, targets were hacked.

In October, the US held an international cybersecurity forum, to which the US government invited representatives from 30 countries and the European Union, but did not invite Russia and China.

In the same month, China hosted the Tianfu Cup national hacker tournament. Its winners were awarded more than $1.5 million for hacking popular software, including Chrome, iOS 15, Windows 10, Microsoft Exchange Server 2019, etc.

In November, Microsoft provided more than 55 updates for various vulnerabilities in its products, including two zero-day vulnerabilities seen in hacker attacks. One of them was in Microsoft Exchange Server and involved remote code execution.
