Microsoft says it derailed a Russian hacking effort targeting groups in Ukraine, including media organizations.
The company secured a court order on Wednesday to take over seven internet domains the Russian hackers were using to conduct the attacks, according to Microsoft corporate vice president Tom Burt.
Microsoft is blaming the attacks on a Russian state-sponsored hacking group dubbed Strontium, also known as Fancy Bear or APT 28, which famously breached the Democratic National Committee during the 2016 election. US intelligence claims the hacking unit works for Russia’s military intelligence, the GRU.
“We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” Burt wrote in a blog post.
On Twitter, Burt also shared an example of one of the attacks, which involved a phishing message containing a PDF document named “corruption_2022.” Burt didn’t elaborate on the attacks, but the document is likely designed to load malware on the victim’s computer.
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” Burt added. “We have notified Ukraine’s government about the activity we detected and the action we’ve taken.”
Despite the domain takeovers, Microsoft said the phishing attacks from Strontium are only “a small part” of the hacking activities the company has seen in Ukraine. Cyberwarfare targeting the country “has escalated since the invasion began and has continued relentlessly,” Burt noted.
“Since then, we have observed nearly all of Russia’s nation-state actors engaged in the ongoing full-scale offensive against Ukraine’s government and critical infrastructure, and we continue to work closely with government and organizations of all kinds in Ukraine to help them defend against this onslaught,” Burt added.
The company plans on providing a more detailed report on the cyberwarfare in Ukraine in the coming weeks.