Tom Burt, corporate vice president for customer security and trust at Microsoft, said the company has seized websites belonging to a Chinese cybercriminal group that gathers intelligence from government agencies, universities and organizations in the U.S.
In a blog post published Monday, Burt wrote that the U.S. District Court for the Eastern District of Virginia had allowed Microsoft’s Digital Crimes Unit to take control over the U.S.-based domains being run by the hacker group known as Nickel or APT15 and redirect the websites’ traffic to the company’s secure servers.
Microsoft’s Threat Intelligence Center has been tracking Nickel since 2016 and found that the group used highly sophisticated techniques to deploy malware built for intrusion, surveillance and data theft. In some cases, Nickel compromised third-party virtual private network suppliers and stole credentials through spear-phishing campaigns to target victims in 29 countries worldwide.
According to Burt, the group has also exploited unpatched Microsoft Exchange Server and SharePoint systems.
“Microsoft has created unique signatures to detect and protect from known Nickel activity through our security products, like Microsoft 365 Defender,” said Burt.
According to a report, Microsoft seized 42 websites from Nickel.
To date, the Digital Crimes Unit has taken down more than 10,000 websites used by cybercriminals and almost 600 sites owned by nation-state actors and blocked the registration of 600,000 potentially malicious domains.