Microsoft has seized seven domains used by the hacking group Strontium – also known as Fancy Bear and APT28 – after they were found to be targeting Ukrainian websites.
In the tech company's latest pushback against the Russian state-sponsored hacking group, it obstructed the attacks by redirecting the sites to a Microsoft-controlled sinkhole.
According to Microsoft, the Russian spies behind the attacks have been targeting Ukrainian organizations since the start of the war, as well as US government institutions and foreign policy think tanks. Strontium is also understood to be behind the 2016 DNC e-mail leak and countless cyberattacks on US businesses.
Microsoft Seized Seven Russian Domains
As the Russian-Ukrainian war enters its next phase, an increasing amount of Russian advances appear to be taking place on the digital front.
According to a blog post released by Microsoft on the 7th of April, the Russian GRU-backed hacking group Strontium is playing a central role in this effort, with the gang recently targeting a number of Ukrainian entities, including prominent media organizations.
In an effort to foil these attacks, the firm obtained a court ruling the day earlier authorizing it to seize seven APT28-controlled domains. Microsoft has since redirected the sites into a sinkhole, cutting off the attackers' use of them and enabling the company to notify victims that they had been targeted.
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information… We have notified Ukraine’s government about the activity we detected and the action we’ve taken.” – Tom Burt, Microsoft’s corporate vice president of customer security
Far from this being their first interaction, this is just the latest development in a long-standing face-off between Microsoft and Strontium.
Microsoft first launched an investigation into the faceless hacking group in 2016, when it mimicked the firm's trademarked software to trick victims into handing over classified information. Since then, Microsoft has used 15 court orders to seize over 100 Strontium-controlled domains.
Who are Strontium – The Hackers Behind The Attack?
Strontium is a Russian hacking group that is known to promote the political interests of the Kremlin.
Despite Strontium and Microsoft's long and contested history, the Russian hacking group's impact stretches far beyond the software giant. In fact, with the ring understood to be one of the most active advanced persistent threat (APT) groups in the world, the list of its suspected involvements is extensive.
Operating since at least 2004, Strontium has been known to target a slew of international government, military, and private organizations. Most notably, the group is understood to be responsible for the 2016 phishing attacks against the Democratic National Committee (DNC), a malware attack resulting in 500,000 infected wireless routers, and interference with the 2016 Rio Olympics.
More recently, after Russia's invasion of Ukraine, Strontium's focus has appeared to shift to the Eastern European country, with the group targeting a number of Ukrainian organizations, select Ukrainian and Polish military officials, and a European satellite service.
How To Stay Safe From Online Threats
As the threats appear to emerge from every direction, there are a number of actions your business can take to stay safe.
By using virtual private networks (VPNs), traffic between your employees and your company's systems is encrypted in transit. This protects your business's data even if your employees are using an unreliable public Wi-Fi connection. What's more, VPNs can also be used to support a remote workforce, with tools like NordLayer and ExpressVPN giving remote workers access to internal applications on a single shared network.
Antivirus software solutions can be another promising line of defense against cyber threats. If you're interested in how they can be used as part of a robust cybersecurity strategy, take a look at the best antivirus software options.