Disrupted cyberattacks targeting Ukrainian entities, says Microsoft
Microsoft Corp. has confirmed it “disrupted” cyberattacks targeting Ukrainian entities by Strontium, a threat actor connected to the Russian GRU. Microsoft has been monitoring Strontium’s activities and taking action against the Russian group since 2016.
“We recently observed attacks targeting Ukrainian entities from Strontium, a Russian GRU-connected actor we have tracked for years. This week, we were able to disrupt some of Strontium’s attacks on targets in Ukraine. On Wednesday April 6, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks. We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” Microsoft wrote in a blog post on Thursday.
Microsoft added that Strontium targeted Ukrainian institutions, including media organizations, as well as government institutions and think tanks in the United States and the European Union involved in foreign policy.
“Strontium was using this infrastructure to target Ukrainian institutions including media organizations. It was also targeting government institutions and think tanks in the United States and the European Union involved in foreign policy. We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information. We have notified Ukraine’s government about the activity we detected and the action we’ve taken.
“This disruption is part of an ongoing long-term investment, started in 2016, to take legal and technical action to seize infrastructure being used by Strontium. We have established a legal process that enables us to obtain rapid court decisions for this work. Prior to this week, we had taken action through this process 15 times to seize control of more than 100 Strontium controlled domains,” the tech giant added.
Microsoft said it is working around the clock to defend against “cyberwarfare,” which has escalated since the invasion began on February 24. The tech firm also said it has been “observing” a steep rise in cyberattacks by Russia-backed organizations against Ukraine’s government and critical infrastructure.