Security News > 2022 > April > Microsoft Takes Down Domains Used in Cyberattack Against Ukraine

In a blog post outlining the actions, Microsoft reported attackers used the domains to target Ukrainian media organizations, government institutions and foreign policy think tanks based in the U.S. and Europe.

"We obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks," said Tom Burt, corporate vice president of Customer Security and Trust at Microsoft.

"We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium's current use of these domains and enable victim notifications," Burt said.

Prior to this, Microsoft seized 91 malicious domains as part of 15 separate court orders against what it asserts are Russian-language threat groups, dating back to August 2014.

The use of going through the courts to obtain a temporary restraining order against those identified as behind the malicious domains has been the main method that Microsoft has used to disrupt malicious campaigns.

The court order shuts down the malicious activity and gives Microsoft the legal authority to reroute traffic to domains Microsoft controls.

News URL

https://threatpost.com/microsoft-takedown-domains-ukraine/179257/