In a blog post, Microsoft’s Corporate Vice President for Customer Security and Trust Tom Burt announced the disruption of a China-based hacking group that targeted firms in the United States and 28 other countries across the world. Burt confirmed that, as part of the crackdown, the tech giant used a court order to seize as many as 42 malicious web domains used by the China-based hacking group, called Nickel or APT15. Traffic from these websites is now routed to computer servers controlled by Microsoft.
“The Microsoft Digital Crimes Unit (DCU) has disrupted the activities of a China-based hacking group that we call Nickel. In documents that were unsealed today, a federal court in Virginia has granted our request to seize websites Nickel was using to attack organizations in the United States and 28 other countries around the world, enabling us to cut off Nickel’s access to its victims and prevent the websites from being used to execute attacks,” Burt said on Monday.
Microsoft said it had been tracking Nickel since 2016 and had found that its “highly sophisticated” attacks were intended to install unobtrusive malware that allowed for surveillance and data theft.
Burt stated that Microsoft believes Nickel’s attacks on organisations spread across 29 countries were carried out to gather intelligence for government agencies, think tanks, and human rights organisations.
They’ve attacked public and private institutions all across the world, including diplomatic missions and ministries. Microsoft added that these attacks are believed to be linked to China’s geopolitical objectives.
Though Microsoft did not name the organizations that had been targeted, it said that the Chinese hackers have a history of attempting to steal sensitive material from diplomatic organisations and foreign affairs ministries in North and South America, Europe, and Africa.
Taking control of the malicious websites and transferring traffic to Microsoft’s protected servers will let the company better safeguard current and prospective victims while also learning more about Nickel’s operations, said the tech giant.
Microsoft mail server cyber software attack a handiwork of China-backed hackers: USA
It is pertinent to note here that America had attributed the Microsoft mail server cyber software attack earlier this year to China-backed hackers. The brazen cyber attack on Microsoft Exchange became public in March this year. It is believed to have hit at least 30,000 American organizations and hundreds of thousands more worldwide.
According to Microsoft’s Threat Intelligence Centre, the cyber-group named Hafnium, a group of hackers on the Chinese state payroll, was responsible for the attack on Microsoft. A senior official in the White House told reporters in a briefing during the weekend that the US government had “high confidence” that the Exchange hackers were being paid by the Chinese government.
Chinese hackers attack Mumbai’s power grid
It may be recalled that last year in October, Mumbai and suburban areas had witnessed a power outage because of a grid failure, bringing the city, including its local trains, to a complete halt. The power outage that occurred across Mumbai, Thane and Navi Mumbai was suspected to be the handiwork of the Chinese, who wanted to launch a widespread cyber campaign against India’s power grid to send a message that “if India pushed too hard, the light could go out”.
The Mumbai blackout had come just a few months after Chinese and Indian troops had clashed in Galwan Valley. The India-China standoff had lasted months and had caused casualties on both sides.
In March this year, the Centre had, however, confirmed that no data was breached during the attempt made by Chinese hackers to target the country’s power grid system. The Power Ministry also said that there had been no impact from the alleged Chinese hacking attempt against India’s power grid system.