Microsoft takes down APT28 domains used in attacks against Ukraine
2022-04-07 22:52

Microsoft has successfully disrupted attacks against Ukrainian targets coordinated by the Russian APT28 hacking group after taking down seven domains used as attack infrastructure.

Strontium (Microsoft's name for APT28), linked to Russia's military intelligence service, the GRU, used these domains to target multiple Ukrainian institutions, including media organizations.

The domains were also used in attacks against US and EU government institutions and think tanks involved in foreign policy.

"On Wednesday, April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks," said Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft.

"We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium's current use of these domains and enable victim notifications."

Microsoft filed 15 other cases against this Russian-backed threat group in August 2018, leading to the seizure of 91 malicious domains.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-takes-down-apt28-domains-used-in-attacks-against-ukraine/
