On Monday, December 6, 2021, Microsoft announced the seizure of 42 domains used by a China-based cyber-espionage group. The group's targets were organizations in the United States and in 28 other countries; the seizure was carried out under a legal order issued by a federal court in Virginia.
The Redmond company (Microsoft's headquarters) attributes these offensive activities to Nickel, a group it tracks. The wider cybersecurity sector knows the group under the pseudonyms APT15, Bronze Palace, Ke3Chang, Mirage, Playful Dragon and Vixen Panda. The advanced persistent threat (APT) has reportedly been active since at least 2012.
In Nickel's sights
Nickel reportedly targeted private- and public-sector organizations, including diplomatic organizations and foreign ministries in North America, Central America, South America, the Caribbean, Europe and Africa.
Tom Burt, corporate vice president of Customer Security and Trust at Microsoft, says: “There is often a correlation between Nickel's targets and China's geopolitical interests.”
“Highly sophisticated” cyber attacks
The hacker group has been observed controlling compromised machines since September 2019. It carried out attacks and gathered intelligence on government agencies, think tanks and human rights organizations.
Microsoft describes the attacks as “highly sophisticated”, since the hackers used a range of techniques. In particular, this includes breaching remote-access services by exploiting vulnerabilities in unpatched VPN systems. They also exploited Exchange Server and SharePoint systems to plant hard-to-detect malware that facilitates intrusion, surveillance and data exfiltration.
Nickel, a team of ingenious hackers
The group deployed credential-dumping tools and stealers such as Mimikatz and WDigest to gain access to its victims' accounts. Custom malware then allowed it to keep control of networks and accounts over long periods of time.
From there, the group was able to schedule regular file exfiltration and to collect e-mail from Microsoft 365 accounts using the credentials it had obtained.
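Microsoft's own wording lists WDigest alongside Mimikatz, but WDigest is actually the Windows authentication package whose plaintext credential caching attackers switch on (registry value UseLogonCredential set to 1) so that a dumper such as Mimikatz can then read passwords from LSASS memory. The Python below is an added example, not code from the article or from Microsoft: two detection rules for exactly that pair of behaviours, run over constructed Sysmon-style events. The sample events, host names, process paths and the LSASS_READ_ALLOWLIST baseline are assumptions; the field names are modelled on Sysmon event ID 13 (registry value set) and event ID 10 (process access).

```python
import re
from dataclasses import dataclass

# Real Sysmon event IDs; the sample events further down are constructed, not real logs
SYSMON_REGISTRY_VALUE_SET = 13
SYSMON_PROCESS_ACCESS = 10

# Registry value that, when set to 1, makes WDigest keep plaintext passwords in LSASS memory
WDIGEST_VALUE_SUFFIX = r"\securityproviders\wdigest\uselogoncredential"

# Windows process access right a credential dumper needs on lsass.exe
PROCESS_VM_READ = 0x0010

# Assumed baseline of processes allowed to read LSASS memory; tune per environment
LSASS_READ_ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}


@dataclass(frozen=True)
class Finding:
    rule: str
    host: str
    detail: str


def _dword_value(details: str):
    """Sysmon renders DWORD registry data as 'DWORD (0x00000001)'; return the int or None."""
    m = re.match(r"\s*DWORD\s*\(0x([0-9a-fA-F]+)\)\s*$", details)
    return int(m.group(1), 16) if m else None


def check_wdigest_enabled(event: dict):
    """Flag a registry write that turns WDigest plaintext credential caching on."""
    if event.get("EventID") != SYSMON_REGISTRY_VALUE_SET:
        return None
    if not event.get("TargetObject", "").lower().endswith(WDIGEST_VALUE_SUFFIX):
        return None
    if _dword_value(event.get("Details", "")) != 1:
        return None  # writing 0 is hardening (e.g. a GPO), not an attack
    return Finding(
        rule="wdigest_plaintext_enabled",
        host=event.get("Computer", "?"),
        detail=f"{event.get('Image', '?')} set UseLogonCredential=1",
    )


def check_lsass_read(event: dict):
    """Flag a non-allowlisted process opening lsass.exe with memory-read rights."""
    if event.get("EventID") != SYSMON_PROCESS_ACCESS:
        return None
    if not event.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
        return None
    mask = int(event.get("GrantedAccess", "0x0"), 16)
    if not mask & PROCESS_VM_READ:
        return None  # e.g. 0x1000 (QUERY_LIMITED_INFORMATION) cannot dump memory
    source = event.get("SourceImage", "")
    if source.lower() in LSASS_READ_ALLOWLIST:
        return None
    return Finding(
        rule="lsass_memory_read",
        host=event.get("Computer", "?"),
        detail=f"{source} opened lsass.exe with GrantedAccess 0x{mask:x}",
    )


RULES = (check_wdigest_enabled, check_lsass_read)


def scan(events):
    """Run every rule over every event and return the findings in event order."""
    findings = []
    for event in events:
        for rule in RULES:
            hit = rule(event)
            if hit:
                findings.append(hit)
    return findings


# Constructed sample telemetry (assumed hosts and paths): six events, two of them malicious
SAMPLE_EVENTS = [
    {"EventID": 13, "Computer": "WS01", "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Computer": "WS02", "Image": r"C:\Windows\System32\gpscript.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential",
     "Details": "DWORD (0x00000000)"},  # GPO re-disabling it: benign
    {"EventID": 10, "Computer": "WS01", "SourceImage": r"C:\Users\Public\svc.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 10, "Computer": "WS01", "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},  # allowlisted AV
    {"EventID": 10, "Computer": "WS01", "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},  # no VM_READ
    {"EventID": 1, "Computer": "WS01", "Image": r"C:\Windows\System32\cmd.exe"},  # unrelated
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.host}: {f.detail}")
```

Against the sample events the scan yields exactly two findings: the reg.exe write enabling plaintext caching on WS01 and the unknown svc.exe reading LSASS memory on the same host. The GPO write of 0, the allowlisted antivirus engine and the svchost.exe handle without VM_READ are all ignored, which is the point of checking the value and the access mask rather than just the key name or the target process.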
Microsoft concludes as follows:
“As China’s influence in the world continues to grow (…) threats based in this country will continue to target customers in government, diplomacy and NGOs to gain new insights (…) likely in pursuit of economic espionage or traditional intelligence-gathering objectives.”
Source From: Fredzone
I am a technology author with 8 years of experience in journalism. My writing covers the latest technology advancements and trends, drawing on my expertise in news journalism and social media platforms. I have contributed to major media outlets such as The New York Times, The Wall Street Journal, and Reuters.