Microsoft assumes ownership of 42 domains used by Chinese hackers

Microsoft has been successful in, legally, taking over 42 domains that were being used by the Chinese hackers. These domains were being used to target potential Governments and big corporations through malware. The Chinese hacking group, Nickel, had websites hosted on all these domains. The websites would propagate malware on unsuspecting targets across 28 countries. Eventually, the malware and trojans would be used to steal information and organize cyber attacks at a later date.

The corporations, Government departments and companies were targeted in a diverse set of countries including the United States, United Kingdom, and plenty of South American countries. The affected domains were allowed to be taken over by Microsoft by the  U.S. District Court for the Eastern District of Virginia on 6th December. Microsoft had filed an appeal in the Courts on 2nd December, 2021. The order allows Microsoft to take over the malicious websites hosted on these domains, and redirect them over to the Microsoft servers. This would also allow Microsoft to reverse engineer a lot of activities and strategies used by the Nickel group of Chinese hackers.

The domains were being used by the Nickel group, which is also known with alternate names such as Vixen Panda, APT15 and Playful Dragon. The current action does imply that the law takes a serious view of the malware propagation and threats to the IT infrastructure across the world. It also means that the big tech is gearing up to fight the battle against the ransomware and threat sponsors from China and other other countries like Ukraine. We have already seen a lot of action in Ukraine, as ransomware operatives have been arrested and action taken against them.

Nickel group has been on Microsoft’s radar since 2016, and Microsoft has been trying to scuttle the infrastructure used by the hacking group. If Microsoft and more companies get into the business of actively hunting the threats and taking over the infrastructure of the threat sponsors, cyber attacks would definitely see a pull back from the side of threat action actors.

For more details about the action taken by Microsoft and how they have been handling emerging threats on the Internet, please read the full information on the Microsoft site.