Cyber Security Today, Dec. 8, 2021 – Microsoft, Google disrupt botnets and worrisome news about Emotet malware

Microsoft and Google disrupt botnets, worrisome news about Emotet malware, and more.

Welcome to Cyber Security Today. It’s Wednesday, December 8th. I’m Howard Solomon, contributing writer on cybersecurity for


Some good news to tell you about:

Microsoft has disrupted the activities of a China-based hacking group. This comes after a U.S. court has allowed Microsoft to seize websites of the gang it calls Nickel. The sites were being used to attack organizations in 29 countries, including government agencies, think tanks and human rights organizations. This gang has been operating since 2016, sometimes by compromising a target organization’s VPN, stealing employee passwords by spear phishing or taking advantage of unpatched Microsoft Exchange and SharePoint servers.

Google said it has temporarily disrupted the command and control infrastructure behind a botnet of 1 million compromised Windows devices. It calls the botnet Glupteba. It’s been stealing victims’ passwords, hiding cryptocurrency miners on their computers and running other people’s internet traffic through their computers and routers. What makes this sophisticated botnet different from others is it defends itself with a blockchain-based system that retrieves backup domains through three bitcoin wallets. So Google is trying a long-shot: It’s suing two persons believed to be in Russia for operating the botnet in violation of U.S. law.

Sophisticated Russian-based threat actors allegedly associated with the Nobelium threat group, which was behind the SolarWinds Orion update compromise, have been spotted by researchers at Mandiant. In a report issued this week the company said it is seeing attacks against service providers to get into other organizations. In at least once instance a compromised VPN account was leveraged to get deeper into a company’s IT systems. In another case the attacker accessed the organization’s Microsoft 365 environment using a stolen digital session token. In some cases victims were hit after going to websites offering free or cracked software. Some victims who use smartphone-based multifactor authentication to protect their accounts were fooled by an attack that…