Apr 08, 2022 11:03:00

Microsoft interferes with cyber attacks by Russian hackers targeting Ukrainian news outlets

On April 7, 2022, Tom Bert, vice president of customer security trust at Microsoft, published a blog that 'confused a cyberattack from Russia targeting Ukraine.' It is said that Microsoft blocked the cyber attack this time by the Russian hacker group '

Strontium ', which has been pointed out to be related to the General Information Bureau (GRU) of the Russian Federation Army Chief of Staff.

Disrupting cyberattacks targeting Ukraine --Microsoft On the Issues
https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/

Microsoft takes down APT28 domains used in attacks against Ukraine
https://www.bleepingcomputer.com/news/microsoft/microsoft-takes-down-apt28-domains-used-in-attacks-against-ukraine/

Strontium is a group of hackers also known as 'Fancy Bear,' 'APT28,' and 'Tsar Team,' attacking anti-doping agencies around the world , attacking individuals and organizations related to the 2020 US presidential election , and the new Corona. We have attacked institutions that research vaccines and treatments for viral infections (COVID-19).

Microsoft announces that 'Russia and North Korea have hacked research organizations related to the new corona vaccine' --GIGAZINE

Microsoft, which has been tracking Strontium's activities for many years, recently learned that Strontium is conducting a cyberattack targeting Ukraine and decided to confuse this attack. 'We got a court order on Wednesday, April 6th, allowing Strontium to control the seven Internet domains it was using to carry out these attacks,' said Bert. By redirecting these domains to a Microsoft-managed DNS sinkhole , it is now possible to curb the use of these domains by Strontium and notify victims. '

According to Microsoft, Strongium's cyberattacks targeted Ukrainian agencies, including the press, as well as US and EU government agencies and think tanks involved in foreign policy. 'Strontium is believed to have provided tactical support for physical aggression and attempted to leak sensitive information by establishing long-term access to the targeted system,' Microsoft said. He has already explained to the Ukrainian government about the activities of Strontium detected this time and Microsoft's sabotage measures.

'This disruption is part of an ongoing long-term investment that began in 2016, taking legal and technical steps to seize the infrastructure used by Strontium. Therefore, we have established a legal process that enables us to obtain a swift court decision. Prior to this week, we took action 15 times through this process, controlling over 100 domains controlled by Strontium. I have seized it. '

Microsoft is working closely with the Ukrainian government and organizations of all kinds to help prevent cyber attacks from Russia. 'We will provide a more comprehensive view of cyberwarfare in Ukraine in the coming weeks,' Bert said in a blog post.