Microsoft recently seized 42 domains attributed to the China-based Nickel APT group [1]. We subjected these web properties to WHOIS queries to find more information.
Our deep dive allowed us to build detailed threat research materials containing:
- The 42 domains Microsoft seized in early December 2021 [2]
- The seized domains’ potential ages when they were used in attacks based on an analysis of their historical WHOIS records
- The seized domains’ last known registrant countries, which coincided with Nickel’s identified base of operations
- Thousands of domains Microsoft seized possibly in relation to other attacks
Download the threat research materials now to access the complete list of identified artifacts used to conduct additional enrichment and threat analysis.
—
- [1] https://www.zdnet.com/article/microsoft-seizes-domains-used-to-attack-29-governments-across-latin-america-caribbean-europe/
- [2] https://s3.documentcloud.org/documents/21138968/nickel_bc_appendix_a_domains.pdf