Microsoft Control Russian Domains Ukraine War Cyberattack Fancy Bear Apt28 Strontium

Microsoft blocks Russian cyberattacks linked to Ukraine war

Strontium, a GRU-linked threat actor, targeted Ukraine media, foreign policy think tanks and government agencies in the U.S. and Europe.


Dive Brief:

  • Microsoft disrupted a campaign by the Russian threat actor known as Strontium (APT 28 or Fancy Bear) aimed at attacking Ukraine media organizations, as well as U.S. and EU government agencies and think tanks working in the foreign policy space, the company said Thursday.

  • The company obtained a court order on April 6 to seize control of seven internet domains used by Strontium, according to a blog post from Tom Burt, corporate vice president, customer security and trust at Microsoft.

  • The domains were redirected to a Microsoft-controlled sinkhole — a server designed to redirect malicious domain traffic — allowing the company to mitigate the activity and notify targets of cyberattacks.

Dive Insight:

The disruption marks the latest effort by Microsoft to curb Strontium; the company noted that it has taken similar actions 15 times to seize more than 100 domains used by the threat actor.

Strontium, more widely known in the national security space as Fancy Bear, has been linked to attacks against the U.S. since 2016, when it hacked the Democratic National Committee ahead of the U.S. presidential election.

In 2020, Microsoft disclosed what it called strong evidence of credential harvesting by Strontium against U.S. and U.K. organizations directly involved in political campaigns.

The new assault is the latest in a series of attacks linked to the invasion of Ukraine.


The nation has been hit by numerous malware attacks, involving more than a half dozen malicious wipers that erase data from a targeted system, as well as botnet attacks that hijack various devices to compromise computer systems. Microsoft researchers believe the recent campaign sought long-term access to target organizations in order to assist the war effort against Ukraine and to steal sensitive data.

The Biden administration has been working closely with private industry to protect U.S. critical infrastructure leading up to and since the Ukraine invasion in late February.

“Operational collaboration through efforts such as our Joint Cyber Defense Collaborative ensure CISA is receiving and sharing critical information in real time, to help detect emerging threats and prevent other victims from being impacted,” a spokesperson for the Cybersecurity and Infrastructure Security Agency told Cybersecurity Dive via email.

The Department of Justice announced Wednesday a court-ordered action to disrupt the Cyclops Blink botnet, which was used by the threat actor known as Sandworm to infect thousands of devices around the world.

Cyclops Blink, originally discovered in late February, was found targeting firewall appliances from WatchGuard Technologies and routers from Asus to attack users. The malware was considered a more destructive version of the VPNFilter malware that was deployed by the threat actor in 2022.

The FBI told Cybersecurity Dive in an email it could “neither confirm nor deny the existence of an investigation.”

Microsoft said it notified the Ukraine government of the disruption. The State Department did not immediately return requests for comment, nor did Ukraine officials. The EU Agency for Cybersecurity (ENISA) said it is monitoring the situation closely, but otherwise can’t provide comment.
