Microsoft seizes multiple websites from Chinese hacking group

The hacking group was targeting organizations in 29 countries, including the US.

Attila Tomaschek

Microsoft says it removed a key piece of infrastructure that a hacking group was relying on to execute a wave of attacks.

Microsoft on Monday said its digital crime unit obtained authorization from a federal court to seize multiple websites that a Chinese hacking group was using to target organizations in the US and 28 other countries. The hacking group, dubbed Nickel, was using the sites to execute attacks "for intelligence gathering from government agencies, think tanks and human rights organizations," Microsoft said in a blog post.

"Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft's secure servers will help us protect existing and future victims while learning more about Nickel's activities," the company said, adding that it believes it's "removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks."

Microsoft said it's been tracking Nickel since 2016 and noted that the hacking group's method is to "insert hard-to-detect malware that facilitates intrusion, surveillance and data theft." According to Microsoft's observations of Nickel's activity, the hacking group sometimes accomplishes this via compromised virtual private networks, data obtained from spear-phishing attacks or "exploits targeting unpatched on-premises Exchange Server and SharePoint systems."

Microsoft confirmed that it seized 42 websites being used to execute attacks, as earlier reported by The New York Times. The company's action against the Nickel hacking group comes as the Biden administration takes steps to bolster US cybersecurity efforts.