Hillicon Valley — Presented by Connected Commerce Council — Microsoft disrupts Chinese hacking effort

Today is Monday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.

Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

Microsoft hit the ground running at the top of a new work week, announcing that it had disrupted a Chinese hacking group that had targeted organizations in almost 30 countries, including the United States, with a focus on human rights groups and think tanks, among others. 

Meanwhile, a new analysis found that the Russian hackers behind last year’s SolarWinds hack haven’t slowed down their efforts, and the planned merger of former President Trump’s new media company and another group is under investigation.

Let’s jump into the news.


Microsoft moves to block Chinese hackers

Microsoft on Monday announced that a federal court had granted its request to seize websites being used by a China-based hacking group that was targeting organizations in the United States and 28 other nations.

International focus: The hacking group, which Microsoft has dubbed “Nickel,” was observed to be targeting think tanks, human rights organizations, government agencies and diplomatic organizations for intelligence gathering purposes. 

The court order unsealed Monday in the Eastern District of Virginia allowed the Microsoft Digital Crimes Unit to take control of the websites used by Nickel and redirect the traffic to Microsoft servers. Customers impacted by the hacking efforts have been notified.  

“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” Tom Burt, the corporate vice president of Customer Security and Trust at Microsoft, wrote in a blog post published Monday.

“Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” Burt added. 

Widespread effort: Organizations targeted by the hacking group include those in countries across North America, South America, the Caribbean, Central America, Europe and Africa, such as the United States, Brazil, Colombia, France, Italy, the United Kingdom and dozens more. Burt noted that there was a “correlation” between Chinese geopolitical interests and the organizations targeted.

Read more here.


Congress is considering sweeping antitrust legislation that could hurt the digital economy – and put small businesses at risk. Learn more at connectedcouncil.org


Group behind SolarWinds breach still at it 


The Russian government-linked hacking group behind one of the biggest cyber espionage incidents in U.S. history has only intensified its hacking efforts in the year since, research released Monday found.

Cybersecurity group Mandiant on Monday released findings showing how the group, known as “Nobelium” or “UNC2452,” has continued to target governments and businesses, zeroing in on technology solutions and services groups, along with technology resellers, and using new tactics that make the threat activity more difficult to trace and help the group maintain access to networks.

The new activity was announced by Mandiant almost exactly a year after the company, formerly known as FireEye, announced its systems had been breached by “a nation with top-tier offensive capabilities.”

One year later: The announcement by the former FireEye was the first public clue to a massive espionage campaign that had been ongoing for most of 2020. It became known as the SolarWinds hack because the hackers used a vulnerability in software from IT company SolarWinds, among other avenues of attack, to breach customer networks.

At least nine federal agencies and 100 private sector groups were breached as a result, and President Biden levied sanctions on Russia in April in retaliation.

“This time around they are hacking into a lot of different companies and using those companies as entry points into the ultimate target they are trying to get into,” Charles Carmakal, Mandiant senior vice president and chief technology officer, told The Hill in an interview ahead of the release of the findings. 

Read more here.


The Securities and Exchange Commission and another financial regulatory agency are investigating the planned merger of former President Trump’s new media company with a special purpose acquisition company (SPAC).

Digital World Acquisition Corp., the SPAC, disclosed in a filing on Monday that it has received “certain preliminary, fact-finding inquiries from regulatory authorities, with which it is cooperating.”

Digital World said it received requests from the Financial Industry Regulatory Authority in late October and early November for information regarding events that took place before the public announcement in October of its merger with the Trump Media & Technology Group.

Read more here.

ICYMI: Days before the investigations were disclosed in the SEC filing, Trump’s social media group, Trump Media & Technology Group Corp. (TMTG), and its blank-check company announced they had received a commitment of $1 billion from an unidentified “diverse group of institutional investors.”

TMTG and Digital World said Saturday that "subscription agreements for $1 billion in committed capital" would be received from an unknown group of investors once TMTG and Digital World are combined. 

Read more here.


Rohingya refugees take on Facebook 

Rohingya refugees from Myanmar are suing Facebook for $150 billion over allegations that the platform failed to act against anti-Rohingya hate speech that fueled real-world violence against the group in the region, according to a complaint filed Monday. 

Refugees in the U.S. filed the case in California superior court, and Rohingya refugees in Europe filed a similar case in the U.K.

“Facebook is like a robot programmed with a singular mission: to grow. And the undeniable reality is that Facebook’s growth, fueled by hate, division, and misinformation, has left hundreds of thousands of devastated Rohingya lives in its wake,” the complaint states.

Although Facebook is largely protected from such allegations in the U.S. under Section 230 of the Communications Decency Act, which provides a liability shield for internet companies over content posted by third parties, attorneys representing the refugees will seek to apply Burmese law to the claims since no such law in Myanmar protects the social media platform. 

The complaint argues that the tendency of Facebook algorithms to recommend “susceptible users join extremist groups” leaves the platform “naturally open to exploitation by autocratic politicians and regimes.” 

Read more about the complaint

Racine lends support: Meanwhile, in another lawsuit facing the social media giant over allegations of failing to take down hate speech, D.C. Attorney General Karl Racine (D) filed an amicus brief urging the D.C. Superior Court against dismissing the case.

Racine filed the brief in favor of Muslim Advocates' push to overturn Facebook’s motion to dismiss the case the group brought in April. He argued that the platform is not immune to being held accountable for misleading consumers.

“Facebook is trying to claim that it — and other massive tech companies — are above the law and cannot be held accountable for their false statements to consumers. But no company is entitled to mislead consumers, and there is nothing in local or federal law that shields companies like Facebook from the consequences of their own deception,” Racine said in a statement. 

Read more here.


Hackers stole at least $150 million from cryptocurrency exchange BitMart as part of what the company described Monday as a “large-scale security breach.”

The BitMart Team wrote in a statement posted on its website that the hackers involved had withdrawn approximately $150 million from two of BitMart’s wallets used by customers, and that the company was temporarily suspending withdrawals as it investigated the breach. The company emphasized that all other wallets were “secure and unharmed.”

NBC News cited information from blockchain and security analytics company PeckShield in reporting that the financial loss was likely closer to $200 million.

Read more here.




An op-ed to chew on: News reporting in an age of rampant mendacity

Lighter click: No Monday scaries here

Notable links from around the web:

The Popular Family Safety App Life360 Is Selling Precise Location Data on Its Tens of Millions of Users (The Markup / Jon Keegan and Alfred Ng)

How TikTok Reads Your Mind (The New York Times / Ben Smith)

White House delays Alliance for the Future of the Internet launch (Protocol / Issie Lapowsky)

One last thing: Maryland health system the latest cyberattack victim 


Maryland authorities are investigating a cyberattack that took the state Department of Health offline this past weekend, as they determine if any information has been stolen.

"The Maryland Security Operations Center is investigating a network security incident involving the Maryland Department of Health. The Maryland Department of Information Technology, the Maryland Department of Health, and the Maryland Department of Emergency Management are working closely with federal and state law enforcement partners to address the incident and to gather additional information," department spokesperson Andy Owen said in a statement to The Hill.

"Certain systems have been taken offline out of an abundance of caution and other precautions have and will be taken," said Owen.

As of Monday morning, the department's website redirects to the main Maryland state government website.

Read more here.

That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Tuesday.