Security News > 2022 > April > Microsoft takes down APT28 domains used in attacks against Ukraine
Microsoft has successfully disrupted attacks against Ukrainian targets coordinated by the Russian APT28 hacking group after taking down seven domains used as attack infrastructure.
Strontium, linked to Russia's military intelligence service GRU, used these domains to target multiple Ukrainian institutions, including media organizations.
The domains were also used in attacks against US and EU government institutions and think tanks involved in foreign policy.
"On Wednesday, April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks," said Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft.
"We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium's current use of these domains and enable victim notifications."
Microsoft filed 15 other cases against this Russian-backed threat group in August 2018, leading to the seizure of 91 malicious domains.
News URL
Related news
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)