kmiainfo: Microsoft solves the mystery of "Apartment No. 15" and seizes 42 websites of Chinese hackers



Microsoft said on Monday it had seized 42 websites belonging to Chinese hacking teams, in an attempt to disrupt their intelligence-gathering operations.

The company stated - in a press release - that a federal court in Virginia approved Microsoft's request to allow its digital crime unit to take control of the US-based sites run by a hacker group known as "Nickel" or "Apartment No. 15". The company redirects traffic from those websites to secure Microsoft servers "to help us protect current and future victims as we learn more about Nickel's activities."

Microsoft added that it has been tracking Nickel since 2016 and found that its "sophisticated" attacks were aimed at installing hard-to-detect malware that enabled spying and data theft.

 Tom Burt, Microsoft's Vice President of Customer Security and Trust: "Our disruption won't stop Nickel from continuing with other hacking activities, but we believe we've removed a key part of the community's infrastructure in this latest wave of attacks."

In this latest case, the Nickel team had attacked organizations in 29 countries and is believed to have been using the information it gathered "to harvest intelligence from government agencies, think tanks, universities, and human rights organizations," said Tom Burt, Microsoft's Vice President of Customer Security and Trust, in the press release. Microsoft did not name the targeted institutions.

But according to court documents disclosed Monday, Microsoft provided a detailed explanation of how the hackers target users with techniques such as hacking third-party VPNs and phishing, in which the hacker often poses as a trusted entity in an attempt to get someone to hand over their own information, such as their password.

After using these techniques to install malware on a user's computer, the Nickel team connected that computer to the malicious websites that Microsoft later took over, the company said.

Because the operation involves hacking computers, making changes to Microsoft's operating systems and sometimes impersonating Microsoft, the company argued that it "involves misuse of trademarks and deceives users by offering them unauthorized, modified versions of Windows".

In its decision, the court agreed to issue a temporary restraining order against the hackers, transferring the Virginia-registered websites to Microsoft's control.

"There is good reason to believe that unless the defendants are restrained by order of this court, immediate and irreparable harm will result from the defendants' continued violations," the court wrote in its decision.

Microsoft said it has not discovered any new vulnerabilities in its products in connection with these attacks.
"Our disruption will not prevent Nickel from continuing with other hacking activities, but we believe we have removed a key part of the infrastructure on which the group depends in this latest wave of attacks," Burt said.

Microsoft stated that the Nickel group often targets regions where China has a geopolitical interest, and added that the group targeted diplomatic agencies and ministries of foreign affairs in the Western Hemisphere, Europe and even Africa, among other organizations.

Microsoft explained that its digital crime unit, through 24 lawsuits, has taken down more than 10,000 malicious websites used by cybercriminals and about 600 websites used by international government agencies, and blocked the registration of another 600,000 websites.

John Hammond, a researcher at cybersecurity firm Huntress Labs, says Microsoft's move against websites is a good example of "proactive protection against cybercrime."

Hammond noted that "this action from Microsoft is a good example of these preventive efforts before those who represent that threat do more harm," adding that it "sends a signal to attackers when you disconnect that key infrastructure from the Internet."

US cybersecurity agencies have previously warned that Chinese hacking poses a "significant threat" to the United States and its allies.

In July, the Biden administration accused the Chinese government of being responsible for this year's hacking campaign that endangered a Microsoft email service used by some of the world's largest companies and governments.

Some European governments, which condemned China at the time, accused China of allowing hackers to operate on Chinese soil, but the United States and Britain went a step further, saying that the Chinese government was directly responsible.

US Secretary of State Antony Blinken said at the time that China's Ministry of State Security "has bolstered an ecosystem of mercenary hackers carrying out state-sponsored activities and cybercrime for their own financial gain."

But Liu Pengyu, a spokesman for the Chinese embassy, said at the time that the accusation was one of "many baseless attacks".
