The cyber-espionage group focuses on intelligence gathering using hard-to-detect malware.
As The Record reports, Microsoft refers to the cyber-espionage group as Nickel, with the group’s focus being to infiltrate and gather intelligence from government agencies, think tanks, and human rights organizations.
The US was one of those targets along with 28 other countries including Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, the United Kingdom, and Venezuela.
Tom Burt, Corporate Vice President, Customer Security & Trust, explains how Microsoft filed pleadings with the US District Court for the Eastern District of Virginia on Dec. 2 to take control of the domains. That request has been granted and all malicious websites hosted on the 42 domains are now having their traffic redirected to Microsoft’s servers. Burt says that, “will help us protect existing and future victims while learning more about Nickel’s activities.”
It’s important to note that the Nickel group is still active, but Burt says, “we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks.” Microsoft has been tracking Nickel since 2016 and analyzing the group’s activity since 2019. Monitoring Nickel revealed it mainly has one goal: “to insert hard-to-detect malware that facilitates intrusion, surveillance and data theft.” Microsoft says there is “often a correlation between Nickel’s targets and China’s geopolitical interests.”