Microsoft has disrupted a campaign by the Russian threat actor known as Strontium (APT 28 or Fancy Bear), which was intended to attack Ukrainian media organizations, as well as government agencies in the United States and the European Union, as well as think tanks working in space. foreign policy, the company announced.
The company obtained a court ruling on April 6 to take control of seven Internet domains used by Strontium, according to a blog post by Tom Burt, corporate vice president of customer security at Microsoft.
The domains were redirected to Microsoft, specifically to a server designed to redirect malicious domain traffic, thus allowing the company to mitigate the activity and notify the targets of cyber attacks, writes Cybersecuritydive.
What Microsoft has done marks the giant’s latest effort to reduce Strontium’s activity, noting that it has taken similar actions 15 times to seize more than a hundred domains used by the threat actor.
Microsoft has blocked cyber attacks on Ukraine
Strontium, better known in the national security space as Fancy Bear, was linked to the attacks against the US in 2016, when he broke the Democratic National Committee, before the US presidential election. Also in 2020, Microsoft unveiled what it called “strong evidence of Strontium’s attacks on US and UK organizations directly involved in political campaigns.”
The new cyber-attack is the latest in a series of attacks on the invasion of Ukraine. The nation has been hit by numerous malware attacks, involving more than half a dozen malicious actors attacking data from a targeted system, as well as botnet attacks that hijack various devices to compromise computer systems. Microsoft researchers believe that the recent campaign sought long-term access to target organizations to help the war effort against Ukraine and to steal sensitive data.
The Biden administration has worked closely with private industry to help protect critical US infrastructure.