Microsoft Sinkholes Russian Hacking Group's Domains Targeting Ukraine
The operation aimed to disrupt cyber-espionage activity that a Russian GRU group was carrying out in connection with the Ukraine war.
Microsoft this week commandeered seven domains being used by the Russian GRU nation-state hacking team known as Fancy Bear or Strontium, to prevent the advanced persistent threat (APT) group from further targeting Ukrainian entities.
The sinkhole operation disrupted Fancy Bear's infrastructure that Microsoft had seen attacking media organizations in Ukraine, as well as government agencies and think tanks in the US and Europe.
"We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information. We have notified Ukraine's government about the activity we detected and the action we've taken," Microsoft corporate VP Tom Burt said in a blog post yesterday announcing the operation.
Microsoft has long had its sights on Strontium/Fancy Bear's network infrastructure. The company has used legal means 15 times to wrest away control of over 100 domains used by the Russian hackers.