Microsoft succeeded in blocking the illicit activities of a Chinese hacker group known as Nickel that spied on at least 29 countries, among them the United States and Mexico, stealing information through websites that apparently collected data from government agencies, think tanks and human rights organizations.
The technology company disclosed on its blog that it filed a request with a Virginia court to seize the websites used by this group of cybercriminals to steal information and attack victims. In an unprecedented event, the court granted the request, allowing the hosting service of these sites to be cut off and control of them to be taken.
Microsoft had been tracking the Nickel group since 2016, although it was three years later that it began to analyze its activity constantly, when it discovered that it was one of the most active cyber-espionage networks in the country and that it was mainly attacking entities that manage sensitive information, some of it even considered a matter of national security.
Microsoft specified in its report that Nickel operates in accordance with China's geopolitical interests, a country with which the United States has maintained a "trade war" over the years. "Getting control of malicious websites and redirecting traffic from those sites to Microsoft's secure servers will help us protect current and future victims while we learn more about Nickel's activities," said the company founded by Bill Gates.
How does Nickel operate?
The Microsoft Threat Intelligence Center (MSTIC) detailed that this group of Chinese hackers, which is also tracked under other names such as KE3CHANG, APT15, Vixen Panda, Royal APT and Playful Dragon, resorts to "sophisticated attacks with a variety of techniques" against public and private organizations, diplomatic organizations and foreign affairs ministries.
It typically operates by planting hard-to-trace malware on equipment, which facilitates intrusion, surveillance and data theft. Sometimes it does this through compromised third-party virtual private network (VPN) providers or with credentials stolen through phishing; Microsoft also found that Nickel used exploits targeting unpatched on-premises Exchange Server and SharePoint systems.
In addition to the United States and Mexico, the hackers spied on public and private entities in Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, United Kingdom and Venezuela.