Microsoft seized seven domains from Strontium, also known as Fancy Bear or APT28, a Russian hacking group with ties to the country’s military intelligence agency, the company announced in a blog entry (via TechCrunch). According to Microsoft, Russian spies used these sites to target Ukrainian media, as well as foreign policy think tanks and government institutions in the US and European Union.
Microsoft obtained an injunction on April 6th to take control of each domain. It then redirected them to a sinkhole, a server used by cybersecurity professionals to capture and analyze malicious connections. The company says it seized over 100 Fancy Bear-controlled domains prior to this recent deactivation.
“We believe Strontium attempted to gain long-term access to its targets’ systems, provide tactical support for the physical invasion, and exfiltrate sensitive information,” said Tom Burt, corporate vice president of customer security and trust at Microsoft, in the post. “We have informed the Ukrainian government of the activities we have detected and the actions we have taken.”
This particular hacking group has a long history of attempts to meddle in both Ukraine and the US. Fancy Bear has been linked to cyberattacks on the Democratic National Committee in 2016 and to attacks aimed at the 2020 US election.
Russia’s invasion of Ukraine has only exacerbated cyberattacks by Fancy Bear and other bad actors. Last month, Google said Fancy Bear and the Belarusian hacking group Ghostwriter carried out a phishing attack against Ukrainian officials and members of the Polish military. Russian state-sponsored hackers were also accused of hacking into a European satellite service at the beginning of the Russian invasion of Ukraine, as well as of an attack on US defense contractors in February. It’s unclear if Fancy Bear was behind both attacks.
https://www.theverge.com/2022/4/9/23018258/microsoft-control-russian-domains-ukraine-war-cyberattack-fancy-bear-apt28-strontium Microsoft confiscated Russian domains targeting Ukrainian media organizations