Microsoft said in a blog post that it has seized seven domains belonging to Strontium, also known as Fancy Bear or APT28, a Russian hacking group with ties to the country’s military intelligence agency (via TechCrunch). According to Microsoft, Russian agents allegedly used these sites to target Ukrainian media outlets, as well as foreign policy think tanks and government institutions in the United States and the European Union.
On April 6th, Microsoft obtained a court order to seize control of each domain. It then redirected them to a sinkhole, a server that cybersecurity specialists use to capture and analyze malicious connections. The company says that, before this most recent takedown, it had seized over 100 domains held by Fancy Bear.
“We believe Strontium was aiming to gain long-term access to its targets’ systems, give tactical assistance for the physical invasion, and exfiltrate critical information,” according to Tom Burt, Microsoft’s corporate vice president of customer security and trust. “We informed the Ukrainian authorities of the activity we discovered and the actions we took.”
This group has a long history of seeking to sabotage both Ukraine and the United States. Fancy Bear was linked to cyberattacks on the Democratic National Committee in 2016 and set its sights on the 2020 presidential election in the United States.
Russia’s invasion of Ukraine has only intensified cyberattacks by Fancy Bear and other rogue actors. According to Google, Fancy Bear and the Belarusian hacking group Ghostwriter carried out a phishing attack last month that targeted Ukrainian authorities and members of the Polish military. Russian state-sponsored hackers are also accused of hacking into a European satellite service before Russia invaded Ukraine, as well as attacking US defense companies in February. Whether Fancy Bear was involved in these two attacks is not known.