Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Google and Microsoft Taking on Hackers

December 8, 2021

Two good sources here: A Washington Post report (12/7, sub.req.) and a post from ZDNet (12/8).

Google announced that it disrupted a criminal operation that hijacked computing power from roughly 1 million digital devices. It used that power to steal other people’s personal data and mine cryptocurrency.

Those armies of hijacked computers are called botnets and cyber defenders named this botnet Glupteba.

The announcement comes just one day after Microsoft revealed it had disrupted a Chinese cyber spying gang that was trying to steal information from government agencies, think tanks and human rights groups in the United States and 28 other nations.

Microsoft didn’t definitively tie the hacking group it dubbed Nickel to the Chinese government. But the company noted “there is often a correlation between Nickel’s targets and China’s geopolitical interests.”

The Glupteba operators often tried to infect victims with malicious software spread through Google Docs and Google Ads. The company terminated more than 63 million Google Docs and 1,183 Google accounts that were distributing the group’s malware.

Nickel hackers didn’t exploit any newfound vulnerabilities in Microsoft systems, but they targeted victims that hadn’t updated their systems to protect against bugs that were already known, Tom Burt, the company’s vice president for trust and security, said in a blog post.

Such private sector efforts to take down hackers are comparatively rare, but they’re becoming more common.

Companies may see more threats than the FBI does, but they have far more limited powers to go after hackers. Companies need to ask courts for permission to take some aggressive actions, such as seizing web domains they don’t own. In some cases, they go further and file lawsuits against the hacking groups.

In addition to removing access to the botnet’s infrastructure, Google filed a lawsuit against two Russia-based Glupteba operators. “While these actions may not completely stop Glupteba, [Google’s Threat Analysis Group] estimates that combined efforts will materially affect the actor’s ability to conduct future operations,” the threat hunting group’s leader Shane Huntley said in a blog post.

Microsoft obtained a court order that allowed it to seize control of malicious websites the hacking group was using to infect victims’ computer systems and steal their information. “Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” Burt said.

Microsoft has announced the seizure of dozens of domains used in attacks by the China-based APT group Nickel on governments and NGOs across Europe, the Americas and the Caribbean.

ZDNet reported Burt's statement that, on December 2, Microsoft filed suits in the US District Court for the Eastern District of Virginia that would allow it to “cut off Nickel’s access to its victims and prevent the websites from being used to execute attacks.”

Burt continued, saying, “The court quickly granted an order that was unsealed today following completion of service on the hosting providers. Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities. Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks.”

The attacks — which involved inserting hard-to-detect malware that enabled intrusions, surveillance and data theft — targeted organizations in Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, the UK, the US and Venezuela.

The Microsoft Threat Intelligence Center found that in some cases Nickel compromised VPN suppliers or obtained stolen credentials, while in other instances it took advantage of unpatched Exchange Server and SharePoint systems.

Burt added that so far, Microsoft has filed 24 lawsuits that allowed them to take down more than 10,000 malicious websites from cybercriminals and almost 600 from nation-state groups.

It’s nice to see Google and Microsoft engaged in combat with the hacking groups – they are often more effective than government efforts. Then again, maybe it takes a village . . .

HT to Dave Ries.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology