Microsoft has blocked and seized web domains belonging to Russian military intelligence-sponsored hacker group called Strontium or APT28 that targeted Ukraine, including media outlets.
The tech giant obtained a court order that authorised it to take control of seven internet domains that Strontium was using to conduct these attacks.
“We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enabling victim notifications,” said Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft.
The company recently observed attacks from Strontium targetting Ukrainian entities and were able to disrupt some of these attacks.
Strontium was targetting Ukrainian institutions including media organisations. It was also targeting government institutions and think tanks in the US and the European Union involved in foreign policy.
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information. We have notified Ukraine’s government about the activity we detected and the action we’ve taken,” said Burt.
Started in 2016, this disruption is part of an ongoing long-term investment, to take legal and technical action to seize infrastructure being used by Strontium, according to Microsoft.
“Prior to this week, we had taken action through this process 15 times to seize control of more than 100 Strontium controlled domains,” Burt informed.
Microsoft has observed nearly all of Russia’s nation-state actors engaged in the ongoing full-scale offense against Ukraine’s government and critical infrastructure.