Microsoft's Digital Crimes Unit (DCU) said it has disrupted the activities of a Chinese hacker group called Nickel by taking down several malicious websites they were using to carry out cyberattacks on organizations across 28 countries, including the United States.
Microsoft believes the websites were being used for spying and stealing sensitive data from governments, think tanks and human rights bodies.
"Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities," Tom Burt, Corporate Vice President, Customer Security and Trust, said in a blog post.
Burt added that blocking access to the websites will not put an end to Nickel's activities but it will be a blow to them.
"We do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks," he added.
Set up in 2008, Microsoft's Digital Crimes Unit includes technical, legal and business experts from various countries. So far, the unit has taken down over 10,000 malicious websites used by hacker groups and close to 600 sites operated by nation state-backed threat actors. The unit has also managed to prevent hacker groups from registering 600,000 websites.
Also referred to as APT15, Vixen Panda, KE3CHANG, Royal APT and Playful Dragon by security researchers, Nickel has been on the radar of the Microsoft Threat Intelligence team since 2016, and the team has been investigating the group's use of malicious websites to carry out attacks since 2019.
The investigation revealed that Nickel usually targets organizations by planting malware to carry out surveillance and data theft. The group is also known to use stolen credentials acquired through spear-phishing campaigns, in addition to exploiting compromised third-party virtual private network (VPN) suppliers. Microsoft also found that Nickel has targeted unpatched on-premises Exchange Server and SharePoint systems.
India has been on the radar of several state-backed hacker groups. On November 17, 2021, Microsoft reported an increase in attacks on Indian organizations by Iran-backed threat actor groups. The attacks intensified in August, according to Microsoft, which issued 1,788 nation-state notifications (NSNs) to its enterprise customers in India, 80% of which were IT companies.
According to a September 22, 2021 report by the US-based cybersecurity company Recorded Future, Chinese state-backed cyber attacks on Indian organizations increased by 261% as of August 2021.
After the border clash between India and China in 2020, Chinese state-backed threat actor groups Gothic Panda and Stone Panda had planned a series of cyberattacks targeting dozens of Indian organizations including media houses, pharma companies and government agencies, Mint reported on June 19, 2020.