More Facts about the Microsoft Seizure of 42 APT Domains | WhoisXML API

“Nickel” APT Group: What We Found Out About Microsoft’s Latest Domain Seizure

Microsoft recently seized 42 domains attributed to the China-based Nickel APT group [1]. We subjected these web properties to WHOIS queries to find more information.

Our deep dive allowed us to build detailed threat research materials containing:

  • The 42 domains Microsoft seized in early December 2021 [2]
  • The seized domains’ potential ages at the time they were used in attacks, based on an analysis of their historical WHOIS records
  • The seized domains’ last known registrant countries, which coincided with Nickel’s identified base of operations
  • Thousands of domains Microsoft seized possibly in relation to other attacks

Download the threat research materials now to access the complete list of identified artifacts used to conduct additional enrichment and threat analysis.

  • [1] https://www.zdnet.com/article/microsoft-seizes-domains-used-to-attack-29-governments-across-latin-america-caribbean-europe/
  • [2] https://s3.documentcloud.org/documents/21138968/nickel_bc_appendix_a_domains.pdf