Microsoft, the US technology company, has dismantled a network of fake websites that the Chinese hacking group known as the Winnti Umbrella set up to harvest login details of gamers and infect their machines.
The ploy would be typical of China’s government-sponsored hacking units, which security analysts say usually launch attacks from hijacked sites with legitimate domains such as those owned by Amazon, Google, or Yahoo. The hackers siphon off passwords and other sensitive data that they can use to access private networks connected to the hacked computers, including those belonging to government agencies or companies, and potentially wreak havoc.
“I’ve never seen any attack infrastructure of this scale – it is way bigger than anything we have ever come across before,” said Simon Pope, a security expert at the UK-based cybersecurity firm Symantec, which helped Microsoft investigate the latest attack.
The Winnti Umbrella is one of several Chinese hacking groups that are believed to be sponsored by the Beijing government. Other groups include APT10, which was linked to a major hack on healthcare provider Anthem Inc., and Cloud Hopper, which has targeted banks and other businesses across the world.
Microsoft’s move to take down the websites used by the Winnti Umbrella comes as relations between Washington and Beijing have deteriorated over trade tensions and allegations of election interference. The Trump administration has accused China of using its state-sponsored hackers to steal commercial secrets and intellectual property from American companies in an effort to gain an edge in the global economy.
China has denied the allegations and says it is itself a victim of cyber-attacks. In a recent speech, the Chinese president, Xi Jinping, pledged to make the country’s cybersecurity a top priority and announced new measures to crack down on online crime.
Microsoft’s action against the Winnti Umbrella also highlights the increasing role that private companies are playing in tackling state-sponsored hacking groups. In addition to working with Symantec, Microsoft has teamed up with other cybersecurity firms such as FireEye and CrowdStrike to form the Cybersecurity Tech Accord, an agreement to cooperate in defending against cyber-attacks.
“This is a landmark day for all of us in the industry,” said Brad Smith, president of Microsoft. “By standing together, we have sent a clear message that the tech sector will not be undermined by parties seeking to sabotage computer networks and disguise their true identity.”