Microsoft recently announced that it has seized dozens of domains belonging to the Chinese APT group Nickel.
The domains were used to launch attacks against governments and NGOs in countries on three different continents (Europe, the Americas, and the Caribbean). The decision was made after the company obtained permission from a federal court in Virginia to seize websites that the group used to steal data in the United States and other countries.
In explaining how the group works, Microsoft said that the attacks involve the deployment of hard-to-detect malware that allows intrusion, surveillance and data theft. According to the Microsoft Threat Intelligence Centre, Nickel sometimes compromises VPN providers or gains access to stolen credentials.
In other cases, they simply compromise unpatched Exchange Server and SharePoint systems. Once they gain access to a network, the attackers look for ways to reach higher-value accounts in order to establish a solid network presence.