Security News > 2022 > April > Microsoft dogs Strontium domains to stop attacks on Ukraine

The seizure is also part of a long-running legal and technical hunt by Microsoft to disrupt the work of Strontium - aka APT28 and FancyBear, among other names - via an expedited court process that enables the company to quickly get judicial approval for such actions, according to Tom Burt, corporate vice president of customer security and trust at Microsoft.

Before the latest seizures, Microsoft had used this process 15 times to take over more than 100 domains controlled by Strontium, which is thought to be run by the GRU, Russia's foreign military intelligence agency.

After taking control of the infrastructure, Microsoft redirected the domains to a sinkhole it controls, enabling the company to mitigate Strontium's attacks and notify the victims.

"The Strontium attacks are just a small part of the activity we have seen in Ukraine," Burt said.

Since the invasion, Microsoft has seen "Nearly all of Russia's nation-state actors engaged in the ongoing full-scale offensive against Ukraine's government and critical infrastructure, and we continue to work closely with government and organizations of all kinds in Ukraine to help them defend against this onslaught."

Russia and its allies started their cyberattacks on Ukraine in the run-up to the invasion, which began February 24, and have only increased their efforts since, targeting both Ukrainian government agencies and private companies as well as government organizations around the world that have shown sympathy for Ukraine or participated in the mounting sanctions against the country.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/08/microsoft-russia-stronium-domains/