Microsoft seized 42 malicious web domains used by Chinese hackers

Microsoft announced on Monday that it had seized 42 domains used by a China-based cyber-espionage group that targeted organizations in the United States and 28 other countries, acting under a legal warrant issued by a federal court in Virginia, USA.

The Redmond-based company attributes the malicious activity to a group it tracks as Nickel, which is known to the broader cybersecurity industry under the monikers APT15, Bronze Palace, Ke3Chang, Mirage, Playful Dragon and VixenPanda. The advanced persistent threat (APT) actor is believed to have been active since at least 2012.

“Nickel targets both private and public sector organizations, including diplomatic and foreign affairs organizations in North America, Central America, South America, the Caribbean, Europe and Africa,” said Tom Burt, Microsoft’s Corporate Vice President of Customer Security and Trust. “There is often a correlation between Nickel’s goals and China’s geopolitical interests.”

This rogue infrastructure allowed the hacking crew to maintain long-term access to compromised machines and to target unnamed government agencies, think tanks, and human rights groups for collection purposes, as part of a digital espionage campaign dating back to September 2019.

Microsoft described the cyberattacks as “advanced,” relying on techniques such as breaching remote access services and exploiting vulnerabilities in unpatched VPN appliances, Exchange Server and SharePoint systems to “insert hard-to-detect malware that facilitates intrusion, surveillance and data theft.”

After gaining an initial foothold, Nickel deployed credential-dumping tools and stealers such as Mimikatz and WDigest to compromise victims’ accounts. The attackers then maintained persistence in the victim’s network for extended periods of time by delivering custom malware that let them act on a recurring basis: scheduled exfiltration of files, execution of arbitrary shellcode, and collection of emails from Microsoft 365 accounts using the compromised credentials.

The multiple backdoor families used for command and control are tracked as Neoichor, Leeson, NumbIdea, NullItch, and Rokum.

The latest wave of attacks adds to the extensive list of surveillanceware campaigns carried out by the APT15 group in recent years. In July 2020, mobile security company Lookout disclosed four trojanized legitimate apps, named SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle, that targeted the Uighur ethnic minority and Tibetan communities with the goal of collecting personal user data and sending it to adversary-operated command-and-control servers.

“As China’s influence continues to grow around the world, and as the country establishes bilateral relations with more countries and expands partnerships in support of its Belt and Road Initiative, China-based threat actors value being able to target customers in the government, diplomatic and NGO sectors to gain new insights in pursuit of economic espionage and traditional intelligence-gathering objectives,” Microsoft said.
