Microsoft's cybercrime division has secured court authorization to take control of 42 domains linked to the Chinese state-sponsored hacking group APT15, also known as Nickel, Mirage and Vixen Panda, among other names. The group used the domains in recent campaigns against targets in 28 countries.
Microsoft, which tracks the group as Nickel, says it primarily targets government organizations as well as private-sector companies, non-profit organizations, NGOs and foreign ministries in the Americas, the Caribbean, Europe and Africa. The group is financed and controlled by the Chinese government and operates for the benefit of that government and its industry.
The APT15 campaigns analyzed by Microsoft reveal that Latin America is among the group's main targets. The victims are located in the following countries: Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, the United Kingdom and Venezuela.
The authorization was granted by the US District Court for the Eastern District of Virginia on Monday (06). With the decision, Microsoft takes control of the sites hosted on the group's domains and redirects their traffic to secure servers under its own control.
"We believe these attacks were largely used for intelligence collection from government agencies and human rights organizations [...] Our disruption will not stop Nickel [APT15] from continuing other cybercriminal activities. Nonetheless, we've removed an important piece of the infrastructure the group depends on for this latest wave of attacks," explains Tom Burt, vice president of consumer trust and security at Microsoft.
Microsoft's Digital Crimes Unit (DCU) is one of the pioneers of this strategy of private-sector seizure of domains used by cybercriminals linked to foreign governments. According to Burt, 24 legal actions have been filed against cybercriminal groups to date, 5 of them against groups financed and controlled by governments.
"We have taken down more than 10,000 malicious websites used by cybercriminals. Almost 600 of these were used by nation-state actors. We also blocked the registration of 600,000 sites that cybercriminals intended to use in the future," the executive concludes.