Microsoft said Monday that it had seized 42 websites from a Chinese hacker group in order to disrupt the group’s intelligence activities.
The company said in a press release that a federal court in Virginia has granted Microsoft’s motion to allow its digital crimes division to take over US-based websites run by a hacking group called Nickel or APT15. The company redirects website traffic to secure Microsoft servers to “help us protect existing and future victims while learning more about Nickel’s activities”.
Microsoft said it had tracked Nickel since 2016 and found that its “sophisticated” attacks were aimed at installing low-level malware that enabled surveillance and data theft.
In this most recent case, Nickel attacked organizations in 29 different countries and was believed to be using the information it gathered “to gather information from government agencies, think tanks, universities and human rights organizations,” said Tom Burt, Microsoft’s corporate vice president of customer safety and trust in the press release. Microsoft did not name the target organizations.
The company said it had not discovered any new vulnerabilities in Microsoft products related to the attacks.
“Our interruption will not prevent Nickel from continuing other hacking activities, but we believe we have removed an important part of the infrastructure that the group relied on for this latest wave of attacks,” said Burt.
Microsoft said it found the group often targeted regions where China has a geopolitical interest. Nickel has targeted diplomatic organizations and foreign ministries in the western hemisphere, Europe and Africa, the company said.
The company said its Digital Crimes Unit had taken down more than 10,000 malicious websites run by cyber criminals and nearly 600 run by nation-state actors in 24 legal proceedings, and blocked another 600,000 from being registered.
US cybersecurity agencies have warned that Chinese hacking poses a “great threat” to the United States and its allies.
In July, the Biden administration accused the Chinese government of being responsible for a hacking campaign earlier this year that compromised a Microsoft email service used by some of the world’s largest corporations and governments.
Some of the European governments that condemned China at the time accused its government of allowing hackers to operate on Chinese territory, but the US and UK went a step further and said the Chinese government was directly responsible.
China’s Ministry of State Security “has fostered an ecosystem of criminal contract hackers who carry out both government-sponsored activities and cybercrime for their own financial gain,” said Foreign Minister Antony J. Blinken at the time.
Liu Pengyu, a spokesman for the Chinese embassy, said the allegation was one of many “baseless attacks”.