Microsoft Seizes 42 Websites From a Chinese Hacking Group

Microsoft said on Monday that it had seized 42 websites from a Chinese hacking group in an effort to disrupt the group’s intelligence-gathering operations.

The company said in a news release that a federal court in Virginia had granted Microsoft’s request to allow its Digital Crimes Unit to take over the U.S.-based websites, which were being run by a hacker group known as Nickel or APT15. The company is redirecting the websites’ traffic to secure Microsoft servers to “help us protect existing and future victims while learning more about Nickel’s activities.”

Microsoft said it has been tracking Nickel since 2016 and had found that its “highly sophisticated” attacks intended to install unobtrusive malware that allowed for surveillance and data theft.

In this most recent case, Nickel was attacking organizations in 29 different countries and was believed to be using the information it collected “for intelligence gathering from government agencies, think tanks, universities and human rights organizations,” Tom Burt, Microsoft’s corporate vice president of customer security and trust, said in the news release. Microsoft did not name the organizations that had been targeted.

The company said it had not discovered any new vulnerabilities in Microsoft products related to the attacks.

“Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” Mr. Burt said.

Microsoft said it had found that the group often targeted regions in which China has a geopolitical interest. Nickel has targeted diplomatic organizations and foreign affairs ministries in the Western Hemisphere, Europe and Africa, among other groups, the company said.

The company said its Digital Crimes Unit, through 24 lawsuits, had taken down more than 10,000 malicious websites used by cybercriminals and almost 600 used by nation-state actors, and had blocked the registration of 600,000 more.

U.S. cybersecurity agencies have warned that Chinese hacking presents a “major threat” to the United States and its allies.