Microsoft used a court order to seize dozens of websites that a China-based hacking group was using for a cyber-espionage campaign against organizations in the US and 28 other countries, the tech giant said Monday.
“We believe these attacks were largely being used for intelligence gathering from government agencies, think tanks and human rights organizations,” Tom Burt, a corporate vice president at Microsoft, wrote in a blog post.
The Microsoft action is part of a broader effort by US tech companies and government agencies to expose sophisticated digital espionage campaigns before they do too much damage. In another case, the National Security Agency has investigated an ongoing hacking scheme in which suspected Chinese operatives have breached multiple US defense and technology firms.
Microsoft declined to publicly identify organizations targeted in the newly revealed hacking campaign. But the tech firm said the Chinese hackers had a history of trying to gather sensitive data from diplomatic organizations and foreign affairs ministries across North and South America, and in Europe and Africa.
In 2017, the Chinese hackers breached a UK government contractor in search of information on military technology, and stole “sensitive documents” in the process, according to a security firm that responded to the incident. Last year, the mobile security firm Lookout linked the hacking group to malware found on the mobile phones of Uyghurs. Western governments have accused China of committing genocide against the Uyghurs.
The court order from the US District Court for the Eastern District of Virginia allowed Microsoft to take control of 42 web domains that the hackers were using to try to breach their targets. Traffic from those websites is now routed to computer servers controlled by Microsoft.
It’s the latest example of how Microsoft and other powerful tech firms have taken advantage of the fact that foreign spies sometimes use US infrastructure in their hacking efforts. Microsoft says its five lawsuits against hacking groups linked to foreign governments have led to the seizure of nearly 600 of the hackers’ websites.
Any setback to the Chinese hacking group or others will likely be temporary as the hackers can find new infrastructure to use. But the goal of the seizure is to buy some time for potential victims of the hackers to defend themselves.
™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.