Microsoft claims to have recently taken down seven domains used by Russian cybercriminals in cyberattacks on Ukrainian targets.
APT28 (also known as Strontium), a Russian state-sponsored hacking outfit with ties to the GRU military intelligence branch, was using the domains against Ukrainian organizations.
According to Microsoft’s assessment, endpoints belonging to Ukrainian institutions and media organizations were among the targets.
“On Wednesday, April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks,” said Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft.
“We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and allow victim notifications to.
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information.”
The same domains were also used in attacks against Western government organizations, including those in the EU and US.
“This disruption is part of an ongoing long-term investment, started in 2016, to take legal and technical action to seize infrastructure being used by Strontium. We have established a legal process to get rapid court decisions for this work,” Burt also said.
APT28 is one of the most well-known Russian state-sponsored cybercrime organizations. It is also known as Fancy Bear and has most likely been in business since the mid-2000s. It targets government entities, military, and security groups in Western nations.
APT28 is a familiar name in the global cybersecurity community, especially to security organizations in the US and EU. The group operates in cyberspace on behalf of military unit 26165 of Russia's GRU military intelligence service.
APT28 began to attract attention in 2004 with a series of high-profile cyber-espionage campaigns aimed at governments worldwide. Notable examples include the 2015 attack on the German Parliament and the 2016 attacks on the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC) in the United States. In August 2018, Microsoft reported that it had filed 15 other cases involving APT28, resulting in the seizure of 91 malicious domains. Today, many members of this group have been prosecuted or are wanted internationally.
So far, it’s connected to cyberattacks on the German and Norwegian parliaments, the French TV station TV5Monde, the White House, NATO, the Democratic National Committee, the Organization for Security and Cooperation in Europe, and Emmanuel Macron’s presidential campaign in France.
It was also claimed that the organization attempted to sway the 2016 US presidential elections.