Microsoft stops Russian hackers from targeting Ukraine with domain takeover

Microsoft says it derailed a Russian hacking effort targeting groups in Ukraine, including media organizations.

The company won a court order on Wednesday to take over seven internet domains that Russian hackers were using to carry out the attacks, according to Microsoft Vice President Tom Burt.

Microsoft blames the attacks on a Russian state-sponsored hacking group called Strontium, also known as Fancy Bear or APT 28, which notoriously breached the Democratic National Committee during the 2016 election. It is claimed that the hacking unit works for Russian military intelligence, the GRU.

“We have since redirected these domains to a chasm controlled by Microsoft, allowing us to mitigate Strontium’s current use of these domains and enable victim notifications,” Burt wrote in a blog post.

(Photo: Tom Burt)

On Twitter, Burt also shared an example of one of the attacks, which involved a phishing message containing a PDF document named “corruption_2022”. Burt didn’t give details about the attacks, but the document is likely designed to load malware onto the victim’s computer.

“We believe Strontium was attempting to establish long-term access to its targets’ systems, provide tactical support for physical invasion, and exfiltrate sensitive information,” Burt added. “We have notified the Ukrainian government of the activity we have detected and the action we have taken.”

Despite the domain takeovers, Microsoft said the Strontium phishing attacks are only “a small part” of the hacking activity the company has seen in Ukraine. Cyber warfare targeting the country “has escalated since the invasion began and has continued unabated,” Burt noted.

“Since then, we have observed almost every actor of the Russian nation-state engaged in the ongoing large-scale offensive against Ukraine’s government and critical infrastructure, and we continue to work closely with the government and organizations of all kinds in Ukraine to help them defend against this onslaught,” Burt added.

The company plans to provide a more detailed report on cyber warfare in Ukraine in the coming weeks.
