Microsoft seizes URLs used by Chinese cybercrime group

URLs reportedly belonged to notorious APT15 collective


Microsoft has seized dozens of domains that it alleges were used by Chinese cybercriminals.

After obtaining a court order, Microsoft took down 42 domains used by APT15, also known as Mirage (or Vixen Panda, or Nickel), which the group apparently used to hoard data stolen from various organizations.

These included government agencies, think tanks, and human rights organizations, both in the US and elsewhere around the world.

Malicious websites


“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” Tom Burt, Microsoft VP of Customer Security & Trust, said in a blog post.

Despite the takedown, Burt says the group will probably continue its operations, and urges all organizations to protect their endpoints as best they can.

“Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” he added.

Microsoft’s history of tackling cyber-crime


Microsoft also said the target organizations were breached in different ways. Sometimes the entry point was a compromised third-party virtual private network (VPN); on other occasions, it was login credentials stolen through a spear-phishing campaign. The group also tried to exploit Microsoft Exchange and SharePoint systems, as well as Pulse Secure VPNs, Microsoft added.


This is not the first time Microsoft has taken legal action against cybercriminals distributing malware and stealing data. In fact, The Record noted that the company has made 23 similar moves in the past, including the seizure of domains owned by the SolarWinds attackers, APT35, the Necurs botnet operators, and Thallium, a cyber-espionage group allegedly from North Korea.

In total, the company has seized more than 10,000 malicious websites and almost 600 sites used by nation-state actors. However, Microsoft doubts its actions alone can make that big of a difference.

“We need industry, governments, civil society and others to come together and establish a new consensus for what is and isn’t appropriate behavior in cyberspace,” the blog post concludes.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
