Microsoft seized seven domains belonging to Strontium, also referred to as Fancy Bear or APT28, a Russian hacking group with ties to the country’s military intelligence agency, the company announced in a blog post (via TechCrunch). According to Microsoft, Russian spies used these sites to target Ukrainian media outlets, as well as foreign policy think tanks and government institutions located in the US and the European Union.
Microsoft obtained a court order to take control of each domain on April 6th. It then redirected them to a sinkhole, or a server used by cybersecurity experts to capture and analyze malicious connections. The company says it has seized over 100 domains controlled by Fancy Bear before this most recent takedown.
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” Tom Burt, Microsoft’s corporate vice president of customer security and trust, said in the post. “We have notified Ukraine’s government about the activity we detected and the action we’ve taken.”
This particular hacking group has a long history of attempting to interfere with both Ukraine and the US. Fancy Bear was linked to cyberattacks on the Democratic National Committee in 2016 and targeted the US election in 2020.
Russia’s invasion of Ukraine has only exacerbated cyberattacks by Fancy Bear and other bad actors. Last month, Google said Fancy Bear and Belarusian hacking group Ghostwriter carried out a phishing attack targeting Ukrainian officials and members of the Polish military. Russian state-sponsored hackers have also been accused of hacking into a European satellite service at the start of Russia’s invasion of Ukraine, as well as targeting US defense contractors in February. It’s unclear whether Fancy Bear was behind either attack.