Microsoft Hits APT15 Chinese Espionage Group


Microsoft has struck a new blow against a cyberespionage group coordinated from China. As the company has now announced, it seized 42 domains that were used by the cyberespionage group Nickel, alias APT15.

The hacking group Nickel, also known as APT15, Mirage, or Vixen Panda, has repeatedly made headlines in recent months with attacks on companies around the world. These hackers have been active since 2012 and have carried out numerous operations aimed at spying on organizations in the private and public sectors as well as on politicians.

Domains for data collection

Microsoft had discovered some domains that were used for data collection and transmission to Nickel. A court in the US state of Virginia has now confirmed the seizure of the domains, and Microsoft then shut them down. Tom Burt, Microsoft VP of Customer Security & Trust, said these domains were used for “information gathering” from government agencies, think tanks, and human rights organizations.

“Gaining control of the malicious websites and redirecting traffic from those websites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” Burt said in a blog post.

“Our interruption will not stop Nickel from engaging in further hacking activity, but we believe we have removed an important part of the infrastructure that the group relied on in this latest wave of attacks,” he added. According to a report, the group’s victims were hacked using compromised third-party virtual private network (VPN) providers or stolen credentials obtained from spear-phishing campaigns. Attack attempts were also aimed at Microsoft Exchange and SharePoint systems as well as Pulse Secure VPNs.