Microsoft seizes control of malicious websites used by China-based hacking group


The company says it will remain vigilant and relentless

In its latest move to stop global hackers in their tracks, Microsoft’s Digital Crimes Unit (DCU) has throttled the activities of a China-based hacking group that it calls Nickel. 

A federal court in Virginia granted the company’s request to seize websites that Nickel planned to use to attack organizations in 29 countries, including the U.S. The upshot of Microsoft’s sheriff-like effort is that Nickel’s access to victims has been cut off and that the malicious websites it was using no longer have the ability to carry out attacks. 

Microsoft didn’t name Nickel’s specific targets but said that government agencies, think tanks, and human rights organizations were at the top of the list of those spared because of the wealth of information the hackers could tap into for intelligence gathering.

“There is often a correlation between Nickel’s targets and China’s geopolitical interests,” said Tom Burt, Microsoft’s Corporate Vice President, Customer Security & Trust. According to Burt, Nickel also targeted diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe, and Africa. 

Microsoft says it will remain relentless

Nickel may be the latest snake in the grass that Microsoft has gone after, but it’s not the first. The company said that DCU’s pioneering efforts have taken control of more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors so far. The tech giant said it has also proactively blocked the registration of some 600,000 sites to prevent hacking groups from using them to cause harm in the future.

However, Microsoft admitted that Nickel was not completely killed off, and it could come back for more. “Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” Burt remarked.

He went on to say that nation-state attacks continue to proliferate in number and sophistication. While China may be the head of the Nickel snake, DCU has also disrupted nefarious attempts from Iran, Russia, and North Korea. 

“Our goal … is to take down malicious infrastructure, better understand actor tactics, protect our customers and inform the broader debate on acceptable norms in cyberspace. We will remain relentless in our efforts to improve the security of the ecosystem and we will continue to share activity we see, regardless of where it originates,” Burt concluded.
