Microsoft seizes URLs used by Chinese cybercrime group


Microsoft has seized dozens of domains that it alleges were used by Chinese cybercriminals.

After obtaining a US federal court order, Microsoft took down 42 domains used by the group it tracks as Nickel (also tracked as APT15, Mirage or Vixen Panda), which the group allegedly used to gather data stolen from various organizations.

These included government agencies, think tanks, and human rights organizations, both in the US and elsewhere around the world. 

Malicious websites

“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” Tom Burt, Microsoft VP of Customer Security & Trust, said in a blog post.

Despite the takedown, Burt says the group will probably continue its operations, and he urges all organizations to protect their endpoints as best they can.

“Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” he added.

Microsoft's history of tackling cyber-crime

Microsoft also said the target organizations were breached in different ways: sometimes through a compromised third-party virtual private network (VPN) provider, on other occasions with login credentials stolen through a spear-phishing campaign. The group also used exploits against unpatched on-premises Microsoft Exchange Server and SharePoint systems, as well as Pulse Secure VPN appliances, Microsoft added.
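Because the seized sites now resolve to Microsoft's servers, a defender's most useful follow-up is to look back through their own DNS logs for hosts that queried those domains before the takeover. The script below is an added example written for this article, not Microsoft's code: it matches DNS query records against a list of seized domains, treating subdomains as hits but ignoring lookalike names that merely end in the same string. The domain names, log format and log lines are constructed placeholders (reserved `.example` names); the real seized domains are listed in the court filings, not here.

```python
"""Flag DNS queries to a set of seized (sinkholed) domains.

Added example, not part of the article or Microsoft's tooling. Domains and
log lines below are constructed placeholders for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Hypothetical placeholder list; substitute the domains from the court order.
SEIZED_DOMAINS: Set[str] = {
    "update-c2.example",
    "cdn-static.example",
}


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client: str
    qname: str      # normalised name that was queried
    matched: str    # seized domain it fell under


def normalise(name: str) -> str:
    """Lower-case and strip the trailing dot so 'A.B.Example.' == 'a.b.example'."""
    return name.rstrip(".").lower()


def matching_domain(qname: str, seized: Set[str]) -> Optional[str]:
    """Return the seized domain that qname equals or is a subdomain of.

    Walks label by label ('mail.update-c2.example' -> 'update-c2.example' ->
    'example'), so 'notupdate-c2.example' is correctly NOT a hit: a plain
    substring or endswith() check would flag it.
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in seized:
            return candidate
    return None


def parse_line(line: str) -> Optional[tuple]:
    """Parse the constructed format '<timestamp> <client_ip> <qtype> <qname>'.

    Real resolvers (BIND, Windows DNS, Zeek dns.log) use their own layouts;
    swap this function for the one your logs need.
    """
    parts = line.split()
    if len(parts) != 4:
        return None
    timestamp, client, qtype, qname = parts
    return timestamp, client, qtype, qname


def find_hits(lines: Iterable[str], seized: Set[str] = SEIZED_DOMAINS) -> List[Hit]:
    """Return every query that touched a seized domain, in log order."""
    hits: List[Hit] = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed or blank line
        timestamp, client, _qtype, qname = parsed
        matched = matching_domain(qname, seized)
        if matched is not None:
            hits.append(Hit(timestamp, client, normalise(qname), matched))
    return hits


def clients_by_domain(hits: Iterable[Hit]) -> Dict[str, List[str]]:
    """Group affected client IPs under each seized domain, for triage."""
    grouped: Dict[str, Set[str]] = defaultdict(set)
    for hit in hits:
        grouped[hit.matched].add(hit.client)
    return {domain: sorted(clients) for domain, clients in grouped.items()}


# Constructed sample log: one subdomain hit, one lookalike, one mixed-case
# hit, one benign query and one malformed line.
SAMPLE_LOG = [
    "2021-12-06T09:14:02Z 10.20.30.40 A mail.update-c2.example.",
    "2021-12-06T09:14:05Z 10.20.30.41 A notupdate-c2.example",
    "2021-12-06T09:15:17Z 10.20.30.42 AAAA CDN-Static.Example",
    "2021-12-06T09:16:00Z 10.20.30.43 A www.microsoft.com",
    "malformed line",
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(f"{hit.timestamp} {hit.client} queried {hit.qname} (seized: {hit.matched})")
    print(clients_by_domain(find_hits(SAMPLE_LOG)))
```

Run it against your resolver or proxy logs covering the period before the seizure; a hit identifies a host that was talking to the group's infrastructure and should be treated as a potential compromise, not merely a curiosity.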

This is not the first time Microsoft has taken legal action against cybercriminals distributing malware and stealing data. The Record noted that the company has taken 23 similar legal actions in the past, including the seizure of domains used by the SolarWinds attackers, APT35, the Necurs botnet operators, and Thallium, a cyber-espionage group allegedly operating from North Korea.

In total, the company says it has taken down more than 10,000 malicious websites and almost 600 sites used by nation-state actors. Microsoft does not, however, believe that such actions on their own are enough.

“We need industry, governments, civil society and others to come together and establish a new consensus for what is and isn’t appropriate behavior in cyberspace,” the blog post concludes. 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
