Microsoft dogs Strontium domains to stop attacks on Ukraine

The seizure is also part of a long-running legal and technical hunt by Microsoft to disrupt the work of Strontium - aka APT28 and FancyBear, among other names - via an expedited court process that enables the company to quickly get judicial approval for such actions, according to Tom Burt, corporate vice president of customer security and trust at Microsoft.
Before the latest seizures, Microsoft had used this process 15 times to take over more than 100 domains controlled by Strontium, which is thought to be run by the GRU, Russia's foreign military intelligence agency.
After taking control of the infrastructure, Microsoft redirected the domains to a sinkhole it controls, enabling the company to mitigate Strontium's attacks and notify the victims.
"The Strontium attacks are just a small part of the activity we have seen in Ukraine," Burt said.
Since the invasion, Microsoft has seen "nearly all of Russia's nation-state actors engaged in the ongoing full-scale offensive against Ukraine's government and critical infrastructure, and we continue to work closely with government and organizations of all kinds in Ukraine to help them defend against this onslaught."
Russia and its allies started their cyberattacks on Ukraine in the run-up to the invasion, which began February 24, and have only increased their efforts since, targeting both Ukrainian government agencies and private companies as well as government organizations around the world that have shown sympathy for Ukraine or participated in the mounting sanctions against Russia.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/04/08/microsoft-russia-stronium-domains/