Microsoft gains ground in cat-and-mouse game with hacking group NICKEL

Microsoft has announced that its Digital Crimes Unit (DCU) has seized the websites of hacking group NICKEL. According to the company, the hacking group thereby loses an important weapon: the websites were being used to attack organizations worldwide.

NICKEL operates from China. Microsoft’s security division has been tracking the hacking group since 2016. Now the tech giant has announced that it has seized NICKEL’s websites. A US federal court gave legal clearance for the action.

Microsoft states that NICKEL mainly focuses on stealing information from governments, policymakers and human rights organizations. Attacks on government agencies and diplomats have set the tone since 2019. No individuals belonging to the hacking group have ever been traced or arrested, so NICKEL’s motives cannot be determined with certainty. Microsoft can only speculate, and says the group is engaged in espionage.

Vice versa

Microsoft’s own motivation for tracking the hacking group is likewise not spelled out. However, the fact that NICKEL’s methods are being incorporated into Microsoft’s security technologies does give a hint.

The tech giant states that NICKEL mainly gains entry by abusing outdated systems. The hacking group has previously exploited applications in outdated Microsoft Exchange and SharePoint environments. Once inside, NICKEL deployed malware and infostealers to maintain access to the systems and exfiltrate data.

In a technical blog post (under the heading ‘Recommended defenses’), Microsoft explains what users can do to defend themselves against NICKEL’s methods. Detections for some of NICKEL’s signature techniques have been built into Microsoft 365 Defender so that they are blocked automatically.