Microsoft seized Russian domains targeting Ukrainian media


Microsoft has seized seven domains belonging to Strontium, also known as Fancy Bear or APT28, a Russian hacking group linked to the country’s military intelligence agency, the company said in a blog post (via TechCrunch). According to Microsoft, Russian spies used these sites to target Ukrainian media, as well as foreign policy think tanks and government institutions located in the United States and the European Union.

Microsoft obtained a court order to take control of each domain on April 6. It then redirected them to a sinkhole, a server used by cybersecurity experts to capture and analyze malicious connections. The company says it seized more than 100 domains controlled by Fancy Bear before this latest takedown.

“We believe Strontium was attempting to establish long-term access to its targets’ systems, provide tactical support for physical invasion, and exfiltrate sensitive information,” said Tom Burt, Microsoft vice president in charge of security and customer confidence. “We have notified the Ukrainian government of the activity we have detected and the action we have taken.”

This particular hacking group has a long history of attempts to interfere with Ukraine and the United States. Fancy Bear was linked to cyberattacks on the Democratic National Committee in 2016 and targeted the US election in 2020.

Russia’s invasion of Ukraine has only exacerbated cyberattacks by Fancy Bear and other malicious actors. Last month, Google said Fancy Bear and Belarusian hacking group Ghostwriter carried out a phishing attack targeting Ukrainian officials and members of the Polish military. Russian state-sponsored hackers have also been accused of hacking into a European satellite service at the start of Russia’s invasion of Ukraine, as well as targeting US defense contractors in February. It is unknown if Fancy Bear was behind either attack.

