Microsoft has revealed its Digital Crimes Unit (DCU) won court approval to take control of websites a Chinese gang was using to attack targets across the world – often by exploiting vulnerabilities in Microsoft products.
A post attributed to Microsoft’s corporate veep for customer security & trust, Tom Burt, states the US District Court for the Eastern District of Virginia has granted Microsoft to take control of malicious websites operated by a group called Nickel that has been around since at least 2016.
Burt’s post indicates that Microsoft spotted Nickel trying to pinch information from “government agencies, think tanks and human rights organizations”. Taking control of the websites Nickel owned will make it harder for the gang to conduct such attacks, Burt opined.
Nickel is also known as “KE3CHANG,” “APT15,” “Vixen Panda,” “Royal APT” and “Playful Dragon”.
Whatever the gang is called, it targets unpatched systems in the hope of owning and operating them with stealthy malware.
Burt explains that Nickel is fond of spearphishing to obtain user credentials, and is not above attacking VPN providers in pursuit of users to compromise. It also targets unpatched Exchange and SharePoint servers.
Readers will be shocked to learn that Burt’s post does not consider whether Microsoft’s software engineering practices might have any role in the problems Nickel exploits.
Rather, Burt opines, “No individual action from Microsoft or anyone else in the industry will stem the tide of attacks we’ve seen from nation-states and cybercriminals working within their borders.” Burt wants collaboration among “industry, governments, civil society and others to … establish a new consensus for what is and isn’t appropriate behavior in cyberspace”.
The Register leaves it to readers to consider whether or not releasing buggy products is appropriate behaviour. ®