Microsoft Seizes Domains Used By Chinese Cyber-Espionage Group 'Nickel' (therecord.media)
An anonymous reader quotes a report from The Record: Microsoft said today that its legal team has successfully obtained a court warrant that allowed it to seize 42 domains used by a Chinese cyber-espionage group in recent operations that targeted organizations in the US and 28 other countries. Tracked by Microsoft as Nickel, but also known under other names such as APT15, Mirage, or Vixen Panda, Ke3Chang, and others, the group has been active since 2012 and has conducted numerous operations against a broad set of targets. Tom Burt, Microsoft VP of Customer Security & Trust, said today that the recent domains had been used for "intelligence gathering" from government agencies, think tanks, and human rights organizations.
Burt said the seized domains were being used to gather information and data from the hacked organizations. "Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft's secure servers will help us protect existing and future victims while learning more about Nickel's activities," Burt said in a blog post today announcing the company's legal action against Nickel domains. "Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks," he added. According to Burt, the group's victims had been hacked using compromised third-party virtual private network (VPN) suppliers or stolen credentials obtained from spear-phishing campaigns, which is in tune with similar industry reports detailing recent tactics used by Chinese espionage groups, in general.
Private companies playing the sheriff (Score:1)
Privatized law enforcement. Only in the US of A. It makes me feel all warm and fuzzy.
Re: Private companies playing the sheriff (Score:1)
Re: Private companies playing the sheriff (Score:5, Insightful)
Privatized law enforcement. Only in the US of A. It makes me feel all warm and fuzzy.
Yea my thoughts exactly. Surely some group as altruistic as Microsuck would never abuse their power in an anti-competitive way. /endSarcasm
For starters, it's not as if the people on the receiving end of this didn't deserve it. Secondly Microsoft seems to be doing a better job here than all the US three letter agencies put together, which might have something to do with Congress (D & R) sitting with its collective thumb up its collective butt fighting the culture wars on Twitter instead of governing the country.
Re: (Score:1)
Re: (Score:2)
For starters, it's not as if the people on the receiving end of this didn't deserve it. Secondly Microsoft seems to be doing a better job here than all the US three letter agencies put together, which might have something to do with Congress (D & R) sitting with its collective thumb up its collective butt fighting the culture wars on Twitter instead of governing the country.
Both arguments are at best irrelevant if we're talking justice. This isn't justice, this is vigilantism. Mob rule. The very thing the justice system was set up to prevent. So that is both an indictment of Microsoft and the US justice system, rather than exoneration for Microsoft.
Why don't you spare us the noble ideals and instead tell us what we are supposed to do when the justice system is non functional because of corruption, ineptitude, nepotism and both political parties sitting in Congress with their thumb up their collective butt fighting the culture wars on Twitter rather than governing the country? The Justice system these days is nothing but a weapon that the moneyed classes can use to bully everybody else, and by everybody else I mean everybody who can't afford the hundre
Re: (Score:1)
Why don't you spare us the noble ideals and instead tell us what we are supposed to do when the justice system is non functional because of corruption, ineptitude, nepotism and both political parties sitting in Congress with their thumb up their collective butt fighting the culture wars on Twitter rather than governing the country? The Justice system these days is nothing but a weapon that the moneyed classes can use to bully everybody else, and by everybody else I mean everybody who can't afford the hundreds of thousands it costs to fight out a court case, never mind the millions it costs to take one to the SCOTUS. Criticism is of limited value when you have no viable alternative to offer.
How about you do your duty as that founding father-vaunted "better educated voter" and make your republic's democracy work again as it was supposed to work?
Complaining you don't know what to do speaks poorly of your education.
The thing is, you're talking to a non-American who nevertheless gets to be on the receiving end of American actions, that exactly as you describe it are corrupt and lawless. I don't get to vote. I get no representation. If you do, make good use of it. Make better use of it than you're d
Re: (Score:2, Insightful)
"Microsoft seems to be doing a better job here than all the US three letter agencies put together"
Oh, have you been getting the internal memos from the 3 letter agencies? Please share or stop talking out of your ass.
Re: Private companies playing the sheriff (Score:5, Insightful)
I don't think Microsoft owns a domain registrar or has any special access to the system, so presumably they just submitted a request along with evidence like anybody else can. It's the registrar that gets to decide what happens.
Re: Private companies playing the sheriff (Score:3)
Re: (Score:3)
If they had a warrant then presumably they asked a judge to help them deal with a foreign attacker, and the judge reviewed it.
Of course then you have to ask how many judges are even capable of understanding the kind of evidence that would have involved.
Re: (Score:1)
Because they work with and on behalf of law enforcement where they have the expertise to do so you bitter little shit stain.
Getting a senior law enforcement official to say to the judge "Yep, these guys can help prevent crime" if you grant this isn't exactly rocket science is it?
Fortunately when deciding on matters of law, judges don't listen to the incessant whining of random fucking idiot fanboys on Slashdot, so your constant inane protests will continue to be irrelevant I'm afraid.
Normally from fake O365 login pages w/ their logos (Score:2)
Typically the primary legal argument Microsoft uses for these is that the bad guys are pretending to *be* Microsoft, using fake O365 login pages, with Microsoft's logos. So legally it's a trademark action.
Microsoft further points out that the unlawful use of their trademarks is harming their business by bringing their name into these scams.
Given the sites are being used to spread malware and such, judges allow them to be shut down without spending TOO much time trying to find reasons to say no.
Re: (Score:2)
Re: (Score:1)
Lucky we have people like you on the internet who know more than legal professionals to put things right!
Oh wait, no, you're just another random fucking idiot spouting bollocks due to anti-Microsoft fanboyism rather than because you have any fucking clue what you're talking about.
Re: Normally from fake O365 login pages w/ their l (Score:2)
Fortunately for all of us, the legal system involves using common sense. Where there is a wrong, the court will order that the wrong be made right, in the most logical way.
Since you seem to like words like "malfeasance", you might enjoy the term "equitable relief". You might find it interesting to read up on.
Re: (Score:1)
FML, people like you just need to get on with your lives already, it's been 20 fucking years.
If Microsoft weren't doing this you'd be harping on about how they're responsible for the world's software security issues, now they're doing something about it, you're harping on about how they're fixing the world's security issues.
This is how we know you're a flagrant retard with nothing of value to contribute - because you'll whinge no matter what, not that childish statements like "Microsuck" didn't already give
Re: (Score:3)
Re: (Score:2)
When they present the evidence in their lawsuit, they can start by saying "Look at this photograph ..."
Will Microsoft do the same to US espionage groups? (Score:1)
There's absolutely no way that the US isn't spying on others as well.
Re: (Score:2)
Re: (Score:2)