UPDATED 19:47 EDT / DECEMBER 06 2021

Microsoft seizes domains used by Chinese cyber espionage group

Microsoft Corp. said today it has seized 42 domains being used by a Chinese cyber espionage group that has targeted organizations in the U.S. and other countries.

The group, called “Nickel” by Microsoft but better known as APT15, has been active since 2010 and is believed to be a state-sponsored hacking group. Microsoft has been tracking the group since 2016 and has been analyzing its specific activities since 2019. The group’s primary targets are government agencies, think tanks and human rights organizations, although it has also targeted a broad range of companies previously.

Microsoft describes APT15’s activities as highly sophisticated, using a variety of techniques. The common thread across the group’s attacks was a single goal: to implant hard-to-detect malware that facilitates intrusion, surveillance and data theft.

Some attacks involved the use of compromised third-party virtual private network suppliers or stolen credentials obtained from spear-phishing campaigns. In other attacks, the group used malware that targeted unpatched on-premises Exchange Server and SharePoint systems.
</gre_replace>
<gr_replace lines="15" cat="clarify" orig="The Microsoft Digital">
The Microsoft Digital Crimes Unit initiated the takedown of the domains, with Microsoft filing pleadings with the U.S. District Court for the Eastern District of Virginia on Dec. 2. The court quickly granted an order, which was unsealed today following the completion of the takedown.

The Microsoft Digital Crimes Unit instigated the takedown of the domains with Microsoft having filed pleadings with the U.S. District Court for the Eastern District of Virginia on Dec. 2. The court quickly granted an order that was unsealed today following the completion of the takedown of the domains.

“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” explained Tom Burt, Microsoft vice president of customer security and trust. “Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks.”

The takedown of Nickel/APT15’s domains is not the first time Microsoft has successfully targeted alleged nation-state-sponsored hacking groups. Previous successful cases involving Microsoft include Thallium from North Korea, Barium, allegedly from China, Strontium from Russia and Phosphorus from Iran.
