Microsoft takes down APT28 domains used in attacks against Ukraine

Microsoft has successfully disrupted attacks against Ukrainian targets coordinated by the Russian APT28 hacking group after taking down seven domains used as attack infrastructure.
Strontium, linked to Russia's military intelligence service GRU, used these domains to target multiple Ukrainian institutions, including media organizations.
The domains were also used in attacks against US and EU government institutions and think tanks involved in foreign policy.
"On Wednesday, April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks," said Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft.
"We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium's current use of these domains and enable victim notifications."
Microsoft filed 15 other cases against this Russian-backed threat group in August 2018, leading to the seizure of 91 malicious domains.