By seizing seven domains used as attack infrastructure, Microsoft has disrupted attacks against Ukrainian targets by the Russian state-sponsored hacking group APT28.
Strontium (Microsoft's name for the group, also tracked as Fancy Bear or APT28) is linked to Russia's military intelligence service, the GRU, and used these domains to target a number of Ukrainian institutions, including media organizations.
The domains were also used in attacks on foreign policy institutions and think tanks in the United States and Europe.
“On Wednesday, April 6th, we secured a court order permitting us to take control of seven internet domains used by Strontium to execute these assaults,” stated Tom Burt, Microsoft’s Corporate Vice President of Customer Security and Trust.
“Since then, we’ve redirected these names to a Microsoft-controlled sinkhole, allowing us to reduce Strontium’s present use of these domains while still enabling victim notifications.”
“We believe Strontium was aiming to gain long-term access to its targets’ systems, offer tactical support for the physical invasion, and exfiltrate important information,” Burt added.
Microsoft also reported Strontium’s activity to the Ukrainian authorities, which helped halt the group’s attempts to breach the networks of targeted organizations in Ukraine.
The same group has been linked to attacks on governments around the world.
Previously, in August 2018, Microsoft had filed 15 complaints against the Russian-backed threat group, resulting in the seizure of 91 malicious domains.
“This outage is part of a longer-term investment that began in 2016 to seize infrastructure used by Strontium through legal and technical means. We’ve set up a legal system that allows us to get court judgements in a timely manner for this project,” Burt went on to say.
APT28 has operated since at least 2004 on behalf of military unit 26165, the 85th Main Special Service Center (GTsSS) of Russia’s General Staff Main Intelligence Directorate (GRU).
In 2018, the US indicted members of this military hacking unit for the 2016 breaches of the DNC and DCCC, as well as for targeting and compromising individual members of the Clinton campaign.
Two years later, in 2020, the Council of the European Union sanctioned several APT28 members for their role in the 2015 hack of the German Federal Parliament (Deutscher Bundestag).