Microsoft announced on Thursday that it had foiled some Russian intelligence phishing attempts targeting “Ukrainian institutions, including the media,” as well as government institutions and think tanks in the United States and the European Union involved in foreign policy.
“We believe Strontium was attempting to establish long-term access to its targets’ systems, provide tactical support for physical invasion, and exfiltrate sensitive information. We have notified the Ukrainian government of the activity we have detected and the actions we have taken,” wrote Tom Burt, vice president of security and customer trust, in a blog post.
According to the post, Microsoft has filed a lawsuit to take over domains of websites operated by APT 28 (Fancy Bear in CrowdStrike parlance, Strontium in Microsoft parlance). The sites now redirect to a Microsoft sinkhole.
Microsoft has used this tactic repeatedly since 2016 to disrupt not only Russian intelligence actors but also North Korean cybercriminals, Chinese intelligence, and COVID scams.
“We have observed almost all Russian nation-state actors engaged in the ongoing large-scale offensive against the government and critical infrastructure of Ukraine, and we continue to work closely with the government and organizations of all kinds in Ukraine to help them defend against this attack,” Burt wrote.