The Microsoft Digital Crimes Unit (DCU) has seized 42 websites that the China-based hacking group Nickel used to attack organizations in the US and around the world, according to a post on Microsoft's blog. Microsoft says the attacks were likely aimed at gathering intelligence from government agencies.
A US District Court in Virginia granted Microsoft permission to take control of the websites on December 2nd, allowing Microsoft to redirect traffic from those domains to its own servers. Microsoft says this should help protect existing and future victims while it learns more about Nickel's operations. Microsoft has published the full list of seized websites as a PDF.
The Nickel takedown came in the same week that Google announced a lawsuit against two Russian nationals believed to be responsible for operating a botnet that infected around one million Windows devices. Google's CyberCrime Investigation Group and Threat Analysis Group said they worked together to remove roughly 63 million Google Docs and the Google accounts that had been used to distribute the malware.
Microsoft says that Nickel uses a variety of techniques to install malicious software on victims' computers, including compromising third-party virtual private network (VPN) providers. Once inside, the group steals sensitive information from the device without the user's knowledge.
Microsoft claims that Nickel deploys malicious software designed to make changes at the deepest and most sensitive levels of the computer's Windows operating system. As a result, the user's copy of Windows is tampered with and, unknown to the user, turned into a tool for stealing credentials and sensitive information.
Microsoft says it has been tracking the group, which is also referred to as Playful Dragon, since 2016. Nickel has targeted diplomatic organizations and ministries of foreign affairs in North America, Central and South America, the Caribbean, Europe and Africa, striking targets that align with China's geopolitical interests.
Microsoft says that, across 24 lawsuits filed so far, the DCU has taken down more than 10,000 malicious websites and blocked the registration of 600,000 potentially malicious sites.
In July, the US and several other nations blamed the Chinese government for the Microsoft Exchange attack that compromised the email of over 30,000 organizations in the US. The US government has since been working to bolster its cybersecurity.