Microsoft seizes domains used to attack 29 governments in Latin America, the Caribbean and Europe

Microsoft has announced the seizure of dozens of domains used by the China-based APT group Nickel to attack governments and NGOs in Europe, the Americas and the Caribbean.

In two blog posts published on Monday, Microsoft Vice President Tom Burt said that the Microsoft Digital Crimes Unit and the Microsoft Threat Intelligence Center have been tracking Nickel since 2016, and that a federal court in Virginia had granted the company's request to seize the websites the group used to attack organizations in the United States and other countries.

Burt said that on December 2 the company filed pleadings with the United States District Court for the Eastern District of Virginia seeking authority to seize the websites in order to "block Nickel's access to its victims and prevent the websites from being used to carry out attacks."

"We believe these attacks were primarily used to gather information from government agencies, think tanks and human rights groups," said Burt.

"The court quickly approved the order, which was unsealed today after service on the hosting providers was completed. Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft's secure servers will help us protect existing and future victims while learning more about Nickel's activities. Our disruption will not prevent Nickel from continuing other hacking activities, but we believe we have removed a key piece of the infrastructure the group relied on for this latest wave of attacks."


The attacks, which involved planting hard-to-detect malware that enabled intrusion, surveillance and data theft, hit organizations in Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominica, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, the United Kingdom, the United States and Venezuela.

The Microsoft Threat Intelligence Center found that in some cases Nickel compromised third-party VPN suppliers or used stolen credentials to gain initial access, while in other cases it exploited unpatched Exchange Server and SharePoint systems.

The company noted that no new vulnerabilities in Microsoft products were used as part of the attacks. Once inside a network, however, the attackers looked for ways to reach higher-value accounts and other footholds in the environment. According to Microsoft, Nickel used Mimikatz, WDigest, NTDSDump and other password-dumping tools during the attacks.
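The tooling named above leaves recognisable traces on an endpoint: Mimikatz reads LSASS process memory, the WDigest provider only yields plaintext passwords when its UseLogonCredential registry value is switched on, and NTDS.dit extraction usually goes through ntdsutil or a volume shadow copy. The following Python is an added example of detection rules for those three indicators, written for this page and not taken from Microsoft or from the article. It assumes Sysmon-style event fields (Event ID 10 process access, 13 registry value set, 1 process create), an allow-list of images that may legitimately read lsass.exe that you would tune for your own estate, and a handful of constructed sample events.

```python
"""Detection rules for credential-dumping indicators (Mimikatz, WDigest,
NTDS.dit extraction). Added example; the events below are constructed and
the field names follow Sysmon conventions (an assumption, not page data)."""
import re

# PROCESS_VM_READ: the access right needed to read LSASS memory (sekurlsa::*).
PROCESS_VM_READ = 0x0010

# Assumed allow-list of images that legitimately open lsass.exe; tune per estate.
LSASS_READERS_ALLOWED = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

# Registry value that makes WDigest keep plaintext credentials in LSASS.
WDIGEST_KEY = r"securityproviders\wdigest\uselogoncredential"

# Command-line markers for Mimikatz modules and NTDS.dit extraction paths.
MIMIKATZ_RE = re.compile(r"sekurlsa::|lsadump::|privilege::debug", re.I)
NTDS_RE = re.compile(r"ntdsutil.*\bifm\b|ntds\.dit|vssadmin\s+create\s+shadow", re.I)

# Constructed sample events (not from the article): one benign and one
# suspicious lsass access, a WDigest registry change, an ntdsutil IFM dump,
# a Mimikatz invocation and a benign command.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Windows\system32\wininit.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Users\Public\mm.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": r"C:\Windows\system32\ntdsutil.exe",
     "CommandLine": 'ntdsutil "ac i ntds" "ifm" "create full C:\\temp" q q'},
    {"EventID": 1, "Image": r"C:\Users\Public\mm.exe",
     "CommandLine": 'mm.exe "privilege::debug" "sekurlsa::logonpasswords" exit'},
    {"EventID": 1, "Image": r"C:\Windows\system32\cmd.exe", "CommandLine": "cmd /c dir"},
]


def lsass_read_rule(ev):
    """Flag a non-allow-listed process opening lsass.exe with PROCESS_VM_READ."""
    if ev.get("EventID") != 10:
        return None
    if not ev.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
        return None
    access = int(ev.get("GrantedAccess", "0"), 16)
    src = ev.get("SourceImage", "").lower()
    if access & PROCESS_VM_READ and src not in LSASS_READERS_ALLOWED:
        return "lsass_memory_read"
    return None


def wdigest_rule(ev):
    """Flag UseLogonCredential being set to 1 (plaintext caching enabled)."""
    if ev.get("EventID") != 13:
        return None
    if not ev.get("TargetObject", "").lower().endswith(WDIGEST_KEY):
        return None
    m = re.search(r"0x([0-9a-f]+)", ev.get("Details", ""), re.I)
    if m and int(m.group(1), 16) == 1:
        return "wdigest_plaintext_enabled"
    return None


def dump_cmdline_rule(ev):
    """Flag Mimikatz module syntax or NTDS.dit extraction on the command line."""
    if ev.get("EventID") != 1:
        return None
    cmd = ev.get("CommandLine", "")
    if MIMIKATZ_RE.search(cmd):
        return "mimikatz_module_invoked"
    if NTDS_RE.search(cmd):
        return "ntds_dit_extraction"
    return None


RULES = (lsass_read_rule, wdigest_rule, dump_cmdline_rule)


def scan(events):
    """Run every rule over every event; return a list of {rule, event} findings."""
    findings = []
    for ev in events:
        for rule in RULES:
            name = rule(ev)
            if name:
                findings.append({"rule": name, "event": ev})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        ev = f["event"]
        print(f["rule"], ev.get("Image") or ev.get("SourceImage"))
```

The lsass rule keys on the access mask rather than on a tool name, so a renamed Mimikatz binary still trips it; the cost is that every legitimate LSASS reader (EDR, some backup agents) must be on the allow-list, which is why that set is an assumption here rather than a fixed value. The WDigest rule catches the preparatory step that an attacker performs before logging plaintext passwords, which is often quieter than the dump itself.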

"There is often a correlation between Nickel's targets and China's geopolitical interests. Others in the security community who have researched this group of actors refer to the group by other names, including 'KE3CHANG,' 'APT15,' 'Vixen Panda,' 'Royal APT' and 'Playful Dragon,'" Burt explained.

"Nation-state attacks continue to grow in number and sophistication. Our goal in this case, as in our previous disruptions that targeted Barium, operating from China; Strontium, operating from Russia; Phosphorus, operating from Iran; and Thallium, operating from North Korea, is to take down malicious infrastructure, better understand actor tactics, protect our customers and inform the broader debate on accepted norms in cyberspace."

Burt added that Microsoft has filed 24 lawsuits to date, which have allowed it to take down more than 10,000 malicious websites used by cybercriminals and nearly 600 used by nation-state groups.
