
Microsoft Seizes Domains Used By Chinese Cyber-Espionage Group 'Nickel' (therecord.media) 26

An anonymous reader quotes a report from The Record: Microsoft said today that its legal team has successfully obtained a court warrant that allowed it to seize 42 domains used by a Chinese cyber-espionage group in recent operations that targeted organizations in the US and 28 other countries. Tracked by Microsoft as Nickel, but also known under other names such as APT15, Mirage, Vixen Panda, Ke3Chang, and others, the group has been active since 2012 and has conducted numerous operations against a broad set of targets. Tom Burt, Microsoft VP of Customer Security & Trust, said today that the recent domains had been used for "intelligence gathering" from government agencies, think tanks, and human rights organizations.

Burt said the seized domains were being used to gather information and data from the hacked organizations. "Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft's secure servers will help us protect existing and future victims while learning more about Nickel's activities," Burt said in a blog post today announcing the company's legal action against Nickel domains. "Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks," he added. According to Burt, the group's victims had been hacked using compromised third-party virtual private network (VPN) suppliers or stolen credentials obtained from spear-phishing campaigns, which is in tune with similar industry reports detailing recent tactics used by Chinese espionage groups, in general.

  • Privatized law enforcement. Only in the US of A. It makes me feel all warm and fuzzy.

    • Yea my thoughts exactly. Surely some group as altruistic as Microsuck would never abuse their power in an anti-competitive way. /endSarcasm
      • by Freischutz ( 4776131 ) on Tuesday December 07, 2021 @08:58AM (#62055235)

        Privatized law enforcement. Only in the US of A. It makes me feel all warm and fuzzy.

        Yea my thoughts exactly. Surely some group as altruistic as Microsuck would never abuse their power in an anti-competitive way. /endSarcasm

        For starters, it's not as if the people on the receiving end of this didn't deserve it. Secondly Microsoft seems to be doing a better job here than all the US three letter agencies put together, which might have something to do with Congress (D & R) sitting with its collective thumb up its collective butt fighting the culture wars on Twitter instead of governing the country.

        • by Zerc ( 1860282 )
          Like when Microsoft took over no-ip.com? https://www.eff.org/deeplinks/... [eff.org] That didn't work out so well for my email and for many other people either
        • Re: (Score:2, Insightful)

          by gtall ( 79522 )

          "Microsoft seems to be doing a better job here than all the US three letter agencies put together"

          Oh, have you been getting the internal memos from the 3 letter agencies? Please share or stop talking out of your ass.

      • by AmiMoJo ( 196126 ) on Tuesday December 07, 2021 @09:22AM (#62055297) Homepage Journal

        I don't think Microsoft owns a domain registrar or has any special access to the system, so presumably they just submitted a request along with evidence like anybody else can. It's the registrar that gets to decide what happens.

        • They got a warrant. How did they get 'standing' in the first place?
          • by AmiMoJo ( 196126 )

            If they had a warrant then presumably they asked a judge to help them deal with a foreign attacker, and the judge reviewed it.

            Of course then you have to ask how many judges are even capable of understanding the kind of evidence that would have involved.

          • by Anonymous Coward

            Because they work with and on behalf of law enforcement where they have the expertise to do so you bitter little shit stain.

            Getting a senior law enforcement official to say to the judge "Yep, these guys can help prevent crime" if you grant this isn't exactly rocket science is it?

            Fortunately when deciding on matters of law, judges don't listen to the incessant whining of random fucking idiot fanboys on Slashdot, so your constant inane protests will continue to be irrelevant I'm afraid.

          • Typically the primary legal argument Microsoft uses for these is that the bad guys are pretending to *be* Microsoft, using fake O365 login pages, with Microsoft's logos. So legally it's a trademark action.

            Microsoft further points out that the unlawful use of their trademarks is harming their business by bringing their name into these scams.

            Given the sites are being used to spread malware and such, judges allow them to be shut down without spending TOO much time trying to find reasons to say no.

• If the domain name itself isn't infringing on the trademark however, and only the content on the websites, this would be like asking the court to seize someone's phone number because a product they produce infringes on your trademark. If that's the case, this is judicial malfeasance (neither lawful nor ethical) committed by a judge at Microsoft's urging.
              • by Anonymous Coward

                Lucky we have people like you on the internet who know more than legal professionals to put things right!

                Oh wait, no, you're just another random fucking idiot spouting bollocks due to anti-Microsoft fanboyism rather than because you have any fucking clue what you're talking about.

• Fortunately for all of us, the legal system involves using common sense. Where there is a wrong, the court will order that the wrong be made right, in the most logical way.

Since you seem to like words like "malfeasance", you might enjoy the term "equitable relief". You might find it interesting to read up on.

      • by Anonymous Coward

        FML, people like you just need to get on with your lives already, it's been 20 fucking years.

        If Microsoft weren't doing this you'd be harping on about how they're responsible for the world's software security issues, now they're doing something about it, you're harping on about how they're fixing the world's security issues.

        This is how we know you're a flagrant retard with nothing of value to contribute - because you'll whinge no matter what, not that childish statements like "Microsuck" didn't already give

    • by xalqor ( 6762950 )
It's not law enforcement at all. The criminal group has servers to which their malware connects for command and control and for exfiltrating information. Those servers are still there. Microsoft only took over the domains, and pointed them to Microsoft's own servers. The only thing that changed is who is now in control of the malware -- and that's only if they got all the domains it connects to. This isn't really taking down the criminal infrastructure at all, it's more like a temporary setback. Law enforce
  • There's absolutely no way that the US isn't spying on others as well.
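The xalqor comment above describes the mechanism of a domain seizure: infected hosts keep resolving the same C2 names, but the names now point at a sinkhole, which is what lets the defender enumerate victims while it changes nothing on the victims themselves. The script below is an added example illustrating that point from the defender's side; it is not code from Microsoft, The Record, or any commenter. The seized domains, the sinkhole address, the resolver log format and the log lines are all constructed placeholders (the article does not list the 42 domains).

```python
"""Sinkhole-aware DNS log triage (added example).

Illustrates why seizing a C2 domain only redirects beacons rather than
cleaning hosts: any host still querying a seized name is still infected,
and that is precisely the signal a sinkhole operator collects.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical seized C2 domains, now pointing at a hypothetical sinkhole IP.
SINKHOLED_DOMAINS = {
    "update-cdn.example.invalid": "192.0.2.10",
    "mail-sync.example.invalid": "192.0.2.10",
}
SINKHOLE_IPS = set(SINKHOLED_DOMAINS.values())

# Constructed resolver log format: "<ts> <client_ip> <qname> <rtype> <answer>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (A|AAAA) (\S+)$")


@dataclass(frozen=True)
class DnsEvent:
    ts: str
    client: str
    qname: str
    answer: str


def normalise(qname: str) -> str:
    """Lower-case and strip the trailing dot so comparisons are exact."""
    return qname.lower().rstrip(".")


def parse_line(line: str) -> DnsEvent | None:
    """Parse one constructed resolver log line; malformed lines yield None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, _rtype, answer = m.groups()
    return DnsEvent(ts, client, normalise(qname), answer)


def resolve_after_seizure(qname: str) -> str | None:
    """What a resolver returns once the seized zone points at the sinkhole.

    Covers the apex and any subdomain of a seized name (a seized zone takes
    its subdomains with it); unrelated names resolve as before (None here).
    """
    q = normalise(qname)
    for domain, ip in SINKHOLED_DOMAINS.items():
        if q == domain or q.endswith("." + domain):
            return ip
    return None


def triage(lines) -> dict[str, list[str]]:
    """Map client IP -> sorted seized names it queried.

    Matching on the query name (not only the answer) also catches hosts that
    still hold a cached pre-seizure answer and so never see the sinkhole IP.
    """
    hits: dict[str, set[str]] = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip malformed lines rather than abort the run
        if resolve_after_seizure(ev.qname) is not None or ev.answer in SINKHOLE_IPS:
            hits[ev.client].add(ev.qname)
    return {client: sorted(names) for client, names in hits.items()}


# Constructed sample log: two hosts still beaconing, one clean host,
# one malformed line. Line 2 shows a stale cached answer (not the sinkhole).
SAMPLE_LOG = """\
2021-12-07T08:58:00Z 10.0.0.5 update-cdn.example.invalid A 192.0.2.10
2021-12-07T08:58:03Z 10.0.0.5 mail-sync.example.invalid A 198.51.100.7
2021-12-07T08:59:10Z 10.0.0.9 www.example.invalid A 203.0.113.4
2021-12-07T09:00:00Z 10.0.0.12 beacon.update-cdn.example.invalid A 192.0.2.10
malformed line here
""".splitlines()


if __name__ == "__main__":
    for client, names in triage(SAMPLE_LOG).items():
        print(f"{client} still beaconing to: {', '.join(names)}")
```

Running it prints the two hosts that are still beaconing; the clean host querying `www.example.invalid` is not reported. The design choice worth noting is that the match is on the query name as well as the answer: a sinkhole only observes traffic that actually reaches it, so a resolver log is the defender's way of catching hosts whose cached answers still point at the old servers.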
