Microsoft has seized internet domains used by APT28, a Russian state-backed hacking group operated by Russian military intelligence, to target organizations in Ukraine. The company announced in a blog post on Thursday that Strontium, Microsoft's moniker for APT28 (also known as "Fancy Bear"), a hacking group linked to Russia's GRU, used the domains to target multiple Ukrainian institutions.
The Russian State-Backed Hackers Targeted Media Outlets and Government Agencies
The Russian state-backed hackers attacked media organizations, as well as government agencies and think tanks involved in foreign policy in the U.S. and Europe. “We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” said Tom Burt, Microsoft’s vice president for customer security.
Furthermore, Microsoft said it acquired a court order on April 6 that allowed the firm to take possession of seven domains APT28 was using to carry out its cyberattacks. “We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” Burt added. “We have notified Ukraine’s government about the activity we detected and the action we’ve taken.”
Microsoft Has Filed 15 Lawsuits Against the Russian Cyber Criminals
This action against the Russian state-backed hackers is part of a wider Microsoft investigation into the hacking group that started back in 2016. Microsoft has acquired several court decisions in recent years to seize infrastructure being used by APT28. To date, Microsoft has filed 15 other lawsuits against the Russian-backed threat group, leading to the confiscation of more than 100 malicious domains managed by the Russian spies.
The group has been active since at least 2009, predominantly targeting media, military and security institutions, and governments worldwide; its past operations include a 2015 hack of the German federal parliament and an attack against the Democratic National Committee in 2016.