Fight against pirates | Features World


Microsoft’s Digital Crimes Unit (DCU) has disrupted the activities of a China-based hacking group we call Nickel.

In documents that were unsealed last week, a Virginia federal court granted the request to seize websites used by Nickel to attack organizations in the United States, Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, United Kingdom and Venezuela, allowing Microsoft to cut off Nickel’s access to its victims and prevent the websites from being used to carry out attacks.

Microsoft believes the attacks were widely used for intelligence gathering from government agencies, think tanks, and human rights organizations.

On December 2, Microsoft filed petitions with the U.S. District Court for the Eastern District of Virginia seeking permission to take control of the sites. The court quickly issued an order, which was unsealed after service on the hosting providers was completed.

Gaining control over the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help protect existing and future victims while Microsoft learns more about Nickel’s activities.

Customer notifications

Microsoft’s disruption won’t stop Nickel from pursuing other hacking activities, but it has removed a key piece of the infrastructure the group relied on for this latest wave of attacks.

Microsoft’s DCU was a pioneer in using this legal strategy against cybercriminals and, more recently, nation-state hackers. To date, in 24 lawsuits – five against state actors – Microsoft has removed more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by state actors. Microsoft was also successful in blocking the registration of 600,000 sites to get ahead of criminal actors who planned to use them maliciously in the future.

Microsoft’s Threat Intelligence Center (MSTIC) has been tracking Nickel since 2016 and analyzing this specific activity since 2019. As with any observed nation-state activity, Microsoft continues, where possible, to notify customers who have been attacked or compromised, giving them the information they need to protect their accounts.

The attacks observed by MSTIC were highly sophisticated and used a variety of techniques, but they almost always had one goal: to insert hard-to-detect malware that facilitates intrusion, surveillance and data theft. In some cases, Nickel’s attacks used compromised third-party virtual private network (VPN) providers or stolen credentials obtained from spear-phishing campaigns.

In some observed activities, the Nickel malware used exploits targeting unpatched on-premises Exchange Server and SharePoint systems.

However, new vulnerabilities have been observed in Microsoft products as part of these attacks. Microsoft has created unique signatures to detect and protect against known Nickel activity through its security products, such as Microsoft 365 Defender.

Nickel has targeted public and private sector organizations, including diplomatic organizations and foreign ministries from North America, Central America, South America, the Caribbean, Europe and Africa.

There is often a correlation between Nickel’s goals and China’s geopolitical interests. Other members of the security community who have researched this group of actors refer to the group by other names, including “KE3CHANG”, “APT15”, “Vixen Panda”, “Royal APT” and “Playful Dragon”.

Nation-state attacks continue to proliferate in number and sophistication. Microsoft’s goal in this case, as in its previous disruptions targeting Barium (operating from China), Strontium (Russia), Phosphorus (Iran) and Thallium (North Korea), is to dismantle malicious infrastructure, better understand the actors’ tactics, protect customers and inform the wider debate on acceptable norms in cyberspace.

Call to join forces

“We will continue to relentlessly deploy our efforts to improve ecosystem security and we will continue to share the activity we see no matter where it comes from,” said Tom Burt, vice president of customer security and trust.

Burt says no individual action by Microsoft or anyone in the industry will stop the wave of attacks we’ve seen from nation states and cybercriminals working within their borders.

“We need industry, governments, civil society and others to come together and build a new consensus on what is and is not appropriate behavior in cyberspace. We are encouraged by the recent progress.

“Last month, the United States and the European Union joined the Paris Call for Trust and Security in Cyberspace, the world’s largest multistakeholder affirmation of cybersecurity fundamentals, with more than 1,200 endorsers,” said Burt.

The Oxford Process brought together some of the best legal scholars to assess the application of international law to cyberspace. And the United Nations has taken critical steps to advance the dialogue among stakeholders.

“It is our responsibility, and that of every entity with the appropriate expertise and resources, to do everything possible to help build trust in technology and protect the digital ecosystem.”

