Microsoft revealed that its Digital Crimes Unit (DCU) had obtained court approval to take over websites that a Chinese gang was using to attack targets around the world, often by exploiting vulnerabilities in Microsoft products.
An article attributed to Tom Burt, head of customer safety and trust at Microsoft, states that the US District Court for the Eastern District of Virginia has allowed Microsoft to take control of malicious websites operated by a group called Nickel, which has been around since at least 2016.
Burt’s post says Microsoft spotted Nickel trying to extract information from “government agencies, think tanks, and human rights organizations.” Taking control of Nickel-owned websites will make it harder for the gang to carry out such attacks, Burt said.
Nickel is also known as “KE3CHANG”, “APT15”, “Vixen Panda”, “Royal APT” and “Playful Dragon”.
Regardless of the gang’s name, it targets unpatched systems in the hopes of owning them and exploiting them with stealthy malware.
Burt explains that Nickel enjoys phishing to get user credentials and doesn’t hesitate to attack VPN providers as it looks for users to compromise. It also targets unpatched Exchange and SharePoint servers.
Readers will be shocked to learn that Burt’s post does not consider whether Microsoft’s software engineering practices might have a role in the issues Nickel exploits.
On the contrary, Burt is of the opinion that “No individual action by Microsoft or anyone in the industry will stem the tide of attacks that we have seen from nation states and cybercriminals working within their borders.” Burt wants “industry, governments, civil society and others to work together to … build a new consensus on what is and is not appropriate behavior in cyberspace.”
The Register leaves it to readers to determine whether releasing buggy products is appropriate behavior. ®