Microsoft took control of those seven internet domains used by Strontium for conducting cyberattacks on Ukrainian institutions as well as government bodies and think tanks in the US and the EU.
Microsoft Corp on Thursday said it had disrupted cyberattacks from Russian military spies targeted at Ukrainian, European and American entities. In a blog post, the tech giant said that a group it nicknamed “Strontium” was using seven internet domains to conduct attacks on Ukrainian institutions as well as government bodies and think tanks in the US and the European Union involved in foreign policy, without identifying any of the targets by name.
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information. We have notified Ukraine’s government about the activity we detected and the action we’ve taken,” Microsoft said.
Strontium is Microsoft’s moniker for a group also known as Fancy Bear or APT28, a hacking squad linked to Russia’s military intelligence agency.
Microsoft further revealed that it obtained a court order on Tuesday that authorised the company to take control of those seven internet domains used by Strontium for conducting the cyberattacks.
“We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” it said.
According to the tech firm, nearly all of Russia’s state actors are engaged in the ongoing offensive against Ukraine’s government and critical infrastructure.
The statement comes as the Russian invasion of Ukraine entered its 44th day amid reports of alleged war crimes committed by invading troops. On Thursday, the UN General Assembly voted to suspend Russia from the Human Rights Council over the brutal killings of civilians in Bucha, the second time the UN body has taken such a step.