Microsoft said on Monday that it had seized 42 websites from a Chinese hacking group in an effort to disrupt the group’s intelligence-gathering operations.
The company said in a news release that a federal court in Virginia had granted Microsoft’s request to allow its Digital Crimes Unit to take over the U.S.-based websites, which were being run by a hacker group known as Nickel or APT15. The company is redirecting the websites’ traffic to secure Microsoft servers to “help us protect existing and future victims while learning more about Nickel’s activities.”
Microsoft said it had been tracking Nickel since 2016 and had found that the group’s “highly sophisticated” attacks were intended to install unobtrusive malware that allowed for surveillance and data theft.
In this most recent case, Nickel was attacking organizations in 29 different countries and was believed to be using the information it collected “for intelligence gathering from government agencies, think tanks, universities and human rights organizations,” Tom Burt, Microsoft’s corporate vice president of customer security and trust, said in the news release. Microsoft did not name the organizations that had been targeted.
The company said it had not discovered any new vulnerabilities in Microsoft products related to the attacks.
“Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” Mr. Burt said.
Microsoft said it had found that the group often targeted regions in which China has a geopolitical interest. Nickel has targeted diplomatic organizations and foreign affairs ministries in the Western Hemisphere, Europe and Africa, among other groups, the company said.
The company said its Digital Crimes Unit, through 24 lawsuits, had taken down more than 10,000 malicious websites used by cybercriminals and almost 600 used by nation-state actors, and had blocked the registration of 600,000 more.
U.S. cybersecurity agencies have warned that Chinese hacking presents a “major threat” to the United States and its allies.
In July, the Biden administration accused the Chinese government of being responsible for a hacking campaign earlier this year that compromised a Microsoft email service used by some of the world’s largest companies and governments.
Some of the European governments that condemned China at the time accused its government of allowing hackers to operate in Chinese territory, but the U.S. and Britain went a step further, saying that the Chinese government was directly responsible.
China’s Ministry of State Security “has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain,” Secretary of State Antony J. Blinken said at the time.
Liu Pengyu, a spokesman for the Chinese Embassy, said at the time the accusation was one of many “groundless attacks.”
This is a developing story. It will be updated.