Microsoft has effectively seized domains used by Strontium, a Russian military intelligence-sponsored outfit, to target Ukrainian institutions.
In a blog post, Microsoft revealed that it had seized seven domains belonging to Strontium, better known as Fancy Bear or APT28, a Russian hacking outfit with connections to the country’s military intelligence agency.
According to Microsoft, Russian agents exploited these sites to target Ukrainian institutions, including media sources, as well as government institutions and foreign policy think tanks in the United States and the European Union.
On April 6th, Microsoft received a court ruling allowing it to seize ownership of each domain. The firm then re-routed those domains to a sinkhole, which is a site used by cybersecurity professionals to intercept and analyse malicious connections. Before this most recent takedown, the business claimed to have seized over 100 domains held by Fancy Bear.
Tom Burt, Microsoft’s vice president for customer security, said, “We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion, and exfiltrate sensitive information.” Burt added, “We have notified Ukraine’s government about the activity we detected and the action we’ve taken.”
The Russia-backed hacking group has been active since 2009, mostly targeting media, military, and security groups and governments throughout the world. APT28 has also been linked to a recent hack on Viasat, a US satellite communications operator, which caused satellite service interruptions across Central and Eastern Europe.
Russia’s invasion of Ukraine has further intensified cyberattacks initiated by Fancy Bear and other bad actors. Last month, Google reported that Fancy Bear and the Belarusian hacker outfit Ghostwriter carried out a phishing attempt on Ukrainian authorities and members of the Polish military.