Cyberattacks are more common than the public realizes. The cinematic image of attacks on large companies carried out by “hackers” dressed like characters from The Matrix belongs to the past.
From PlayStation, email or Netflix accounts to the servers of large private or public companies, all of these are targets for cybercriminals seeking economic, political or other gains.
A couple of weeks ago, Microsoft’s Digital Crime Unit (DCU) disrupted the activities of a China-based hacking group called Nickel.
A federal court in Virginia granted Microsoft’s request to seize the websites that Nickel used to attack organizations in the United States, Argentina, Barbados, Bosnia and Herzegovina, Brazil, Bulgaria, Chile, Colombia, Croatia, Czech Republic, Dominican Republic, Ecuador, El Salvador, France, Guatemala, Honduras, Hungary, Italy, Jamaica, Mali, Mexico, Montenegro, Panama, Peru, Portugal, Switzerland, Trinidad and Tobago, United Kingdom and Venezuela. The seizure cuts off Nickel’s access to its victims and prevents those websites from being used to carry out further attacks.
According to Microsoft representatives, these attacks were largely used to collect intelligence from government agencies, think tanks and human rights organizations.
On December 2, Microsoft filed pleadings in the United States District Court for the Eastern District of Virginia seeking authority to take control of the sites. The court quickly granted an order, which was unsealed once service on the hosting providers had been completed.
This disruption does not prevent Nickel from continuing other hacking activities, but cybersecurity experts believe it has removed a key piece of infrastructure that the group has been relying on for this latest wave of attacks.
Microsoft’s Threat Intelligence Center (MSTIC) has tracked Nickel since 2016 and has been analyzing this specific activity since 2019.
The attacks observed by MSTIC are highly sophisticated and use a variety of techniques, but almost always have the same goal: to plant hard-to-detect malware that enables intrusion, surveillance and data theft. Nickel’s attacks have sometimes relied on compromised third-party virtual private network (VPN) providers or on credentials stolen through spear-phishing campaigns.
Other attacks identified in the area
Separately, the security company ESET has identified a critical vulnerability in Log4j, a widely used Java logging library, that allows an attacker to execute code remotely.
The flaw is known as Log4Shell, a remote code execution (RCE) vulnerability discovered by the Alibaba Cloud team in November. An exploit for Log4Shell, released a couple of weeks ago, lets an attacker run code of their choice on an affected server.
According to experts, the vulnerability is easy to exploit and has a severe impact on affected systems. Cybercriminals have already begun using it for malicious actions such as installing malware, exfiltrating data or taking control of the server.
Roman Kováč, ESET Research Officer, commented: “The volume of our detections confirms that this is a large-scale problem that will not go away anytime soon. Attackers are indeed testing many exploit variants, but not all attempts are necessarily malicious. Some may even be benign, considering that researchers and security companies are also conducting tests for defense-enhancing purposes.”
Beyond the severity of the vulnerability itself, what raises concern is that the library is used by thousands of applications, e-commerce platforms, video games and websites.
Given the severity of the vulnerability and its impact, it is urgent to install the latest version of Log4j as soon as possible, or to make the corresponding adjustments to the configuration, in order to mitigate it.
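The advice above (upgrade Log4j or adjust its configuration) presupposes knowing which Log4j jars are deployed and at which version. The script below is an added example, not code from the article or from ESET or Microsoft: it walks a directory tree, reads the `pom.properties` that Maven embeds in each `log4j-core` jar, checks whether the `JndiLookup` class is still present (removing it from the jar is the configuration-level workaround Apache documented), and compares the version against fixed baselines. The baseline versions 2.3.2, 2.12.4 and 2.17.1 and the sample jar names are assumptions stated in the code; the jars it scans in `demo()` are constructed stand-ins containing only the entries the scanner inspects.

```python
import re
import tempfile
import zipfile
from pathlib import Path
from typing import Optional

# Assumption: fixed baselines per Log4j 2.x maintenance branch (Java 6 / Java 7 / main line).
FIXED_BASELINES = [(2, 3, 2), (2, 12, 4), (2, 17, 1)]
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def parse_version(text: str) -> Optional[tuple]:
    """Extract a (major, minor, patch) triple from a version string, padding missing parts."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts))) if len(parts) >= 2 else None


def is_fixed(version: tuple) -> bool:
    """Branch-aware comparison: 2.3.x and 2.12.x have their own fixed releases."""
    for baseline in FIXED_BASELINES:
        if version[:2] == baseline[:2]:
            return version >= baseline
    return version >= FIXED_BASELINES[-1]


def assess_jar(jar_path: Path) -> str:
    """Classify one jar: not-log4j-core, lookup-removed, fixed, vulnerable or unknown-version."""
    with zipfile.ZipFile(jar_path) as jar:
        names = set(jar.namelist())
        if POM_PROPS not in names:
            return "not-log4j-core"
        if JNDI_LOOKUP not in names:
            return "lookup-removed"  # class deleted from the jar: the documented workaround
        props = jar.read(POM_PROPS).decode("utf-8", "replace")
    match = re.search(r"^version=(.+)$", props, re.MULTILINE)
    version = parse_version(match.group(1)) if match else None
    if version is None:
        return "unknown-version"
    return "fixed" if is_fixed(version) else "vulnerable"


def scan_tree(root: Path) -> dict:
    """Map every *.jar below root to its assessment."""
    return {p.name: assess_jar(p) for p in sorted(root.rglob("*.jar"))}


def build_sample_jar(path: Path, version: Optional[str], with_lookup: bool) -> None:
    """Constructed stand-in jar holding only the entries the scanner reads (no real bytecode)."""
    with zipfile.ZipFile(path, "w") as jar:
        if version is not None:
            jar.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
        if with_lookup:
            jar.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # placeholder bytes only


def demo() -> dict:
    """Build a small constructed tree of sample jars and scan it."""
    root = Path(tempfile.mkdtemp())
    build_sample_jar(root / "log4j-core-2.14.1.jar", "2.14.1", True)
    build_sample_jar(root / "log4j-core-2.17.1.jar", "2.17.1", True)
    build_sample_jar(root / "log4j-core-2.12.1-stripped.jar", "2.12.1", False)
    build_sample_jar(root / "commons-text-1.9.jar", None, False)
    return scan_tree(root)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:15} {name}")
```

Jars that ship Log4j nested inside another archive (a "fat" jar or a WAR) are not unpacked by this version of the scanner; recursing into nested zip entries is the natural extension.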

Paul is a talented author and journalist with a passion for entertainment and general news. He currently works as a writer at the 247 News Agency, where he has established himself as a respected voice in the industry.