Microsoft announced Thursday that it had foiled some Russian intelligence phishing efforts targeting “Ukrainian institutions including media organizations [as well as] government institutions and think tanks in the United States and the European Union involved in foreign policy.”
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information. We have notified Ukraine’s government about the activity we detected and the action we’ve taken,” wrote Tom Burt, corporate vice president of customer security and trust, in a blog post.
According to the post, Microsoft sued in court to take over domains of websites being operated by APT 28 (Fancy Bear in CrowdStrike parlance, Strontium in Microsoft’s). The sites now redirect to a Microsoft sinkhole.
Microsoft has used the tactic several times since 2016 to disrupt not just Russian intelligence actors, but also North Korean cybercriminals, Chinese intelligence, and COVID scams.
“We have observed nearly all of Russia’s nation-state actors engaged in the ongoing full-scale offensive against Ukraine’s government and critical infrastructure, and we continue to work closely with government and organizations of all kinds in Ukraine to help them defend against this onslaught,” Burt wrote.