Microsoft seized seven domains belonging to Strontium, also known as Fancy Bear or APT28, a Russian hacking group with ties to the country’s military intelligence agency, the company announced in a blog post (via TechCrunch). According to Microsoft, Russian spies used these sites to target Ukrainian media outlets, as well as foreign policy think tanks and government institutions located in the US and the European Union.
Microsoft obtained a court order to take control of each domain on April 6th. It then redirected them to a sinkhole, or a server used by cybersecurity experts to capture and analyze malicious connections. The company says it has seized over 100 domains controlled by Fancy Bear before this most recent takedown.
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” Tom Burt, Microsoft’s corporate vice president of customer security and trust, said in the post. “We’ve notified Ukraine’s government about the activity we detected and the action we’ve taken.”
This particular hacking group has a long history of attempting to interfere with both Ukraine and the US. Fancy Bear was linked to cyberattacks on the Democratic National Committee in 2016 and targeted the US election in 2020.
Russia’s invasion of Ukraine has only exacerbated cyberattacks by Fancy Bear and other bad actors. Last month, Google said Fancy Bear and Belarusian hacking group Ghostwriter carried out a phishing attack targeting Ukrainian officials and members of the Polish military. Russian state-sponsored hackers have also been accused of hacking into a European satellite service at the start of Russia’s invasion of Ukraine, as well as targeting US defense contractors in February. It’s unclear whether Fancy Bear was behind either attack.