Microsoft’s Digital Crimes Unit (DCU) has seized websites used by a China-based cyber-espionage hacking team to wage cyberattacks on government agencies, think tanks, and human rights organizations in some 29 countries, including the US.
The hacking group, dubbed Nickel by Microsoft, is also known as APT15, Vixen Panda, KE3CHANG, Royal APT, and Playful Dragon.
The disruption of the threat group’s infrastructure came via a court order granted to Microsoft by the US District Court for the Eastern District of Virginia and unsealed today.
“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” wrote Tom Burt, vice president of customer security and trust, in a post announcing the news today. “Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks.”
Microsoft’s Threat Intelligence Center has been monitoring Nickel since 2016 and studying the groups cyber-espionage campaigns via the infrastructure since 2019. The attackers targeted unpatched Exchange Server and SharePoint systems.