Microsoft seizes URLs used by Chinese cybercrime group

China's flag overlays laptop screen
(Image credit: Shutterstock)

Microsoft has seized dozens of domains that it alleges were used by Chinese cybercriminals.

After getting a court warrant, Microsoft took down 42 domains used by APT15, also known as Mirage (or Vixen Panda, or Nickel) that the group apparently used to hoard the data stolen from various organizations.

These included government agencies, think tanks, and human rights organizations, both in the US and elsewhere around the world. 

Malicious websites

“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” Tom Burt, Microsoft VP of Customer Security & Trust, said in a blog post.

Despite the takedown, Burt says the group will probably continue its operations, urging all organizations to protect their endpoints as best as they can.

“Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” he added.

Microsoft's history of tackling cyber-crime

Microsoft also said the target organizations were breached in different ways. Sometimes it was a compromised third-party virtual private network (VPN), on other occasions, login credentials stolen through a spear-phishing campaign. The group tried to exploit Microsoft Exchange and SharePoint systems, as well as Pulse Secure VPNs, Microsoft added.

This is not the first time Microsoft has taken legal action against cybercriminals distributing malware and stealing data. In fact, The Record noted that the company has had 23 similar moves in the past, including the seizure of domains owned by SolarWinds attackers, APT35, the Necurs botnet operators, and Thallium, a cyber-espionage group allegedly from North Korea.

In total, the company seized more than 10,000 malicious websites and almost 600 sites used by nation-state actors. However, Microsoft doubts its actions alone can make that big of a difference.

“We need industry, governments, civil society and others to come together and establish a new consensus for what is and isn’t appropriate behavior in cyberspace,” the blog post concludes. 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.