Microsoft disrupts Russian cyberattacks targeting Ukraine by seizing domains

The Pip Boy from the Fallout series being the benevolent hacker he is
(Image credit: Bethesda)

Seven internet domains used by Strontium, a Russian state-sponsored hacking group, were seized by Microsoft last week. This has been part of a years-long investigation into the Russian hacker group, which has allegedly been conducting a series of cyberattacks on Ukraine since the Russian-led invasion started nearly two months ago. 

Strontium has ties to Russia's military intelligence unit, GRU, and has also gone by the names APT28 and "Fancy Bear." The group is reportedly responsible for massive cyberattacks such as the infamous DNC hack in 2016 and malware attacks on numerous businesses worldwide.

In a blog post, Tom Burt, VP of customer security and trust at Microsoft, broke down how and when the company made its move against the hacker group:

"On Wednesday, April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks. We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications."

The domains in question were being used to target Ukrainian government institutions and media organizations. Microsoft suspected that Strontium was trying to "establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information." 

According to Microsoft, it wasn't just Ukraine; the hackers were targeting the US and European government institutions related to foreign policy. Microsoft has been investigating Strontium since 2016 and has taken legal action at least 15 times, and has taken control of more than 100 Strontium-controlled domains.

Image


<a href="https://www.pcgamer.com/best-ssd-for-gaming/" data-link-merchant="pcgamer.com"" target="_blank">Best SSD for gaming: The best solid state drives around
<a href="https://www.pcgamer.com/best-pcie-4-ssd-for-gaming/" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" target="_blank">Best PCIe 4.0 SSD for gaming: Speedy drives
<a href="https://www.pcgamer.com/best-nvme-ssd/" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" target="_blank">The best NVMe SSD: Slivers of SSD goodness
<a href="https://www.pcgamer.com/best-external-hard-drives/" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" target="_blank">Best external hard drives: Expand your horizons
<a href="https://www.pcgamer.com/best-external-ssd-for-game-storage/" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" target="_blank">Best external SSDs: Fast, solid, and portable

During the Russian invasion, Ukrainian IT and tech workers have banded together online to counter-hack the cyber attackers by launching DDOS and phishing attacks on Russian digital infrastructure in the ongoing cyber warfare.

"The Strontium attacks are just a small part of the activity we have seen in Ukraine, Burt continues. "Before the Russian invasion, our teams began working around the clock to help organizations in Ukraine, including government agencies, defend against an onslaught of cyberwarfare that has escalated since the invasion began and has continued relentlessly."

Jorge Jimenez
Hardware writer, Human Pop-Tart

Jorge is a hardware writer from the enchanted lands of New Jersey. When he's not filling the office with the smell of Pop-Tarts, he's reviewing all sorts of gaming hardware, from laptops with the latest mobile GPUs to gaming chairs with built-in back massagers. He's been covering games and tech for over ten years and has written for Dualshockers, WCCFtech, Tom's Guide, and a bunch of other places on the world wide web.