Microsoft has seized seven internet domains linked to the Russian threat group Strontium, aka APT28, which was using the infrastructure to target Ukrainian institutions and others in the EU and US.
Before the latest seizures, Microsoft had used this process 15 times to take over more than 100 domains controlled by Strontium, which is thought to be run by the GRU, Russia’s foreign military intelligence agency. Once it took control of the C2C, Microsoft redirected the domains to a sinkhole it controls, which enabled it to mitigate Strontium’s attacks and notify the victims.
The latest case involving Strontium illustrates the state of modern warfare, with the battle in cyberspace running alongside the military battles going on in the physical world.
Microsoft has seen all of Russia’s nation-state actors engaged in the ongoing full-scale offensive against Ukraine’s government and critical infrastructure, and has continued to work closely with government and organizations of all kinds in Ukraine to help them defend against this onslaught.
Russia and its allies started their cyberattacks on Ukraine in the run-up to the invasion, which began February 24, and have only increased their efforts since, targeting both Ukrainian government agencies and private companies as well as government organizations around the world that have shown sympathy for Ukraine or participated in the mounting sanctions against the country.