Microsoft has announced the seizure of dozens of domains used in cyberattacks by the China-based APT group Nickel against governments and NGOs in Europe, the Americas and the Caribbean.
Tom Burt, corporate vice president for customer security and trust at Microsoft, published two blog posts [1, 2] on the subject, in which he recounts that the company had been tracking Nickel since 2016, and that a federal court in Virginia granted its request to seize the websites the APT group used to attack organizations in the United States and other countries.
Prevent websites from being used for attacks
According to his account, Microsoft filed a lawsuit on December 2 in federal court in the United States in order to “cut off Nickel’s access to its victims and prevent the websites from being used to carry out attacks.”
“We believe that these attacks were largely used for intelligence gathering from government agencies, think tanks and human rights organizations,” says Tom Burt.
“The court quickly granted an order, which was unsealed today after service on the hosting providers was completed. Taking control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect current and future victims as we learn more about Nickel’s activities. Our disruption will not prevent Nickel from continuing other hacking activities, but we believe we have removed a key piece of infrastructure that the group relied on for this latest wave of attacks.”
Stolen data around the world
The attacks, which involved the deployment of hard-to-detect malware enabling intrusion, surveillance and data theft, targeted organizations in Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, the Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, the United Kingdom, the United States and Venezuela.
The Microsoft Threat Intelligence Center found that Nickel sometimes gained initial access by compromising VPN providers or by using stolen credentials. In other cases, the group exploited unpatched Exchange servers and SharePoint systems.
Fight against state cybercrime
Microsoft specifies that no new vulnerabilities in Microsoft products were used in these attacks. But once the attackers were inside a network, they looked for ways to gain access to higher-privileged accounts or other footholds in the system. Microsoft says it has seen Nickel actors use Mimikatz, WDigest, NTDSDump and other password-dumping tools in their attacks.
“Generally, there is a correlation between Nickel’s targets and China’s geopolitical interests. Other members of the security community who have investigated this group of actors refer to it by other names, including ‘KE3CHANG’, ‘APT15’, ‘Vixen Panda’, ‘Royal APT’ and ‘Playful Dragon’,” says Tom Burt.
“State-sponsored attacks continue to proliferate and become more sophisticated. Our goal, in this case, as in previous disruptions that targeted Barium, operating from China, Strontium, operating from Russia, Phosphorus, operating from Iran, and Thallium, operating from North Korea, is to dismantle malicious infrastructure, to better understand the actors’ tactics, to protect our customers and to fuel a broader debate about acceptable standards in cyberspace.”
Poor security on specific networks
Tom Burt adds that Microsoft has so far filed 24 lawsuits that have allowed it to remove more than 10,000 malicious cybercriminal websites and nearly 600 state-backed groups.
Jake Williams, CTO of BreachQuest, notes that the techniques used by Nickel after entering a system are quite mundane, and that many other tools that are easily obtained and widely used by intruders are available to the group.
“Nickel certainly has access to much more efficient tools, but the group favors these basic tools because they work,” he believes. “The fact that these readily available tools work is a testament to the level of security of the target networks.”