Microsoft seizes websites from Chinese hackers targeting U.S. for intelligence gathering

Microsoft said it has seized websites used by China-based hackers targeting the U.S. for intelligence collection. 

Microsoft Corporate Vice President Tom Burt said the U.S. District Court for the Eastern District of Virginia authorized the company to disrupt the hacking group that Microsoft calls “Nickel.” 

“In documents that were unsealed [Monday], a federal court in Virginia has granted our request to seize websites Nickel was using to attack organizations in the United States and 28 other countries around the world, enabling us to cut off Nickel’s access to its victims and prevent the websites from being used to execute attacks,” Mr. Burt wrote on the company’s blog. “We believe these attacks were largely being used for intelligence gathering from government agencies, think tanks, and human rights organizations.” 

Mr. Burt wrote that Microsoft has used 24 lawsuits, including five against “nation-state actors,” to enable the takedown of 10,000 malicious websites used by cybercriminals and nearly 600 used by state-sponsored hackers. 

Microsoft went to federal court on Thursday looking for the authority to take control of the websites, and Mr. Burt said the court moved quickly. 

“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” wrote Mr. Burt. “Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks.” 

The U.S. government has increasingly turned to the private sector for help in cybersecurity amid state-sponsored cyberattacks on commercial companies damaging the government’s security, such as through the hack of SolarWinds computer network management software last year that compromised nine federal agencies. 

Biden administration cyber officials went to Silicon Valley and huddled with executives from 13 tech companies on Monday seeking to strengthen relationships that the government hopes will yield better protection of critical infrastructure, according to Politico.