Microsoft Seizes Domains Used by Chinese Hackers

Microsoft has seized servers that a Chinese hacking group used to compromise targets in line with the country’s interests.

The hacking group, which Microsoft has named Nickel, has been under Microsoft’s scrutiny since 2016, and the company has been tracking the now-disrupted information-gathering campaign since 2019. The attacks, against government agencies, think tanks, and human rights organizations in the US and 28 other countries, “were very successful,” Microsoft said, and used a variety of methods, including exploiting weaknesses in software that the targets had not yet patched.

Down But Not Out

Late last week, Microsoft filed suit to seize websites that Nickel allegedly used for hacking. The court, the U.S. District Court for the Eastern District of Virginia, agreed and issued its ruling on Monday. With control of Nickel’s infrastructure, Microsoft is now “sinkholing” the traffic, which means it is diverted from Nickel’s servers to Microsoft-run servers. That can reduce the risk and allow Microsoft to gain insight into how the group and its software work.

“Monitoring malicious websites and redirecting traffic from those sites to Microsoft’s protected servers will help us protect existing and upcoming ones as we learn more about Nickel,” Tom Burt, vice president of customer security and trust, wrote in a blog post. “Our disruption will not prevent Nickel from furthering some to rip them work, but we believe we have eliminated the most important factor that the group has been relying on for recent risks.”

The targeted organizations included those in both business and government, including diplomatic agencies and ministries in North America, Central America, South America, the Caribbean, Europe, and Africa. Often, there was a connection between the targets and China’s interests.

Targeted organizations were in other countries, including Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, United Kingdom, and Venezuela.

Other names that security researchers use for Nickel include “KE3CHANG,” “APT15,” “Vixen Panda,” “Royal APT,” and “Playful Dragon.”

More Than 10,000 Sites Removed

Microsoft’s legal action last week was the 24th lawsuit the company has filed against threat actors, five of which were state-sponsored. The lawsuits have resulted in the takedown of 10,000 websites used by financially motivated hackers and about 600 sites used by government-backed hackers. Microsoft has also blocked the registration of 600,000 sites that hackers planned to use in attacks.

In these suits, Microsoft invoked a number of federal laws – including the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and US trademark law – as a way to seize domain names used for command-and-control servers. Legal actions led to the seizure in 2012 of infrastructure used by the Kremlin-backed Fancy Bear hacking group, as well as state-sponsored groups from Iran, China, and North Korea. The software maker has also used lawsuits to disrupt botnets that go by names like Zeus, Nitol, ZeroAccess, Bamital, and TrickBot.

A legal action Microsoft took in 2014 resulted in more than one million legitimate servers being taken down, which left many law-abiding people unable to access benign websites. Microsoft was bitterly criticized for the move.

VPNs, Stolen Credentials, and Unpatched Servers

In some cases, Nickel compromised targets using compromised VPNs or stolen credentials obtained through fraud. In other cases, the group exploited vulnerabilities that Microsoft had patched but whose fixes the victims had not yet installed on Exchange Server or SharePoint. A separate blog post published by Microsoft’s Threat Intelligence Center stated:

MSTIC has seen NICKEL players use anti-printing equipment to disrupt remote operations and equipment. When they get involved, they will use the certificates or steal to obtain valid licenses, which they used to obtain victimized accounts. NICKEL players created and installed a malware program that allowed them to operate on long-suffering networks. MSTIC has also seen NICKEL carry out frequent collections as well as preparations and releases from victimized networks.
