Microsoft Defends Ukraine by Blocking Cyberattacks

Microsoft confirmed that it was able to disrupt cyberattacks from a Russian-linked group that targeted Ukraine. The group is known as Strontium, Fancy Bear, or APT28.

Microsoft Blocks Cyberattacks Directed to Ukraine and the West

The cyberattacks targeted not only Ukraine but also the West. The software company received a court order allowing it to take control of seven internet domains that it said Strontium used for attacking the country.

The news from Microsoft came shortly after the FBI announced that it had disrupted botnets that the GRU was also running. The GRU is the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation, according to HomelandSecurityToday.

Microsoft Gained Authorization to Control Seven Strontium Internet Domains

Tom Burt, the vice president of Microsoft's security, said on Apr. 6 that the company had obtained a court order authorizing it to take direct control of seven internet domains that Strontium used to carry out the attacks.

According to a story posted on Engadget, Burt noted that Microsoft redirected the domains to a Microsoft-controlled sinkhole, which allowed the company to mitigate Strontium's use of the domains and to notify victims.

Ukrainian Institutions and Media Organizations Targeted

The group tried to target Ukrainian institutions and media organizations, as well as foreign policy government bodies across the United States and the European Union.

Microsoft said it believes Strontium was trying to establish long-term access to its targets' systems, provide tactical support for the physical invasion, and exfiltrate sensitive information.

Microsoft Gained Technical and Legal Action to Seize APT28 Infrastructure

The actions are part of a larger effort by both businesses and governments to thwart a massive wave of attacks on Ukraine. The company said it has been taking both technical and legal action to seize the infrastructure that APT28 used.

APT28 used the infrastructure as part of the ongoing long-term investment that started in 2016. Burt said that Microsoft had established a legal process that lets it obtain rapid court decisions for this work.

FBI Silently Removed Russian Malware

The FBI recently announced that it was able to silently remove Russian malware that allowed the country's GRU military intelligence arm to create botnets used to infect computer networks.

Strontium has been in operation since the mid-2000s and has been directly linked to attacks on the EU elections, US government agencies, NGOs, non-profits, and other agencies.

This article is owned by Tech Times

Written by Urian B.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.