Microsoft on Monday announced the seizure of 42 domains used by a China-based cyber espionage group that set its sights on organizations in the U.S. and 28 other countries pursuant to a legal warrant issued by a federal court in the U.S. state of Virginia.
The Redmond company attributed the malicious activities to a group it pursues as Nickel, and by the wider cybersecurity industry under the monikers APT15, Bronze Palace, Ke3Chang, Mirage, Playful Dragon, and Vixen Panda. The advanced persistent threat (APT) actor is believed to have been active since at least 2012.
“Nickel has targeted organizations in both the private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa,” Microsoft’s Corporate Vice President for Customer Security and Trust, Tom Burt, said. “There is often a correlation between Nickel’s targets and China’s geopolitical interests.”
The rogue infrastructure enabled the hacking crew to maintain long-term access to the compromised machines and execute attacks for intelligence gathering purposes targeting unnamed government agencies, think tanks, and human rights organizations as part of a digital espionage campaign dating back to September 2019.
Microsoft painted the cyber assaults as “highly sophisticated” that used a multitude of techniques, including breaching remote access services and exploiting vulnerabilities in unpatched VPN appliances as well as Exchange Server and SharePoint systems to “insert hard-to-detect malware that facilitates intrusion, surveillance and data theft.”
images from Hacker News