Microsoft Details Efforts to Fight Russian Cyber Attacks Targeting Ukraine

Microsoft has detailed its latest efforts to tackle cyber attacks targetting organizations in Ukraine. The Redmond giant revealed that it had successfully disrupted a series of high-profile attacks by a Russian state-sponsored hacking group dubbed “Strontium.”

Strontium is one of the most popular APT groups worldwide that works closely with the Russian military intelligence agency known as the GRU. This particular group has previously carried out hacking and information warfare operations during the 2016 US presidential election. Additionally, Russian hackers were involved in a cyberattack targetting the opening ceremony of the 2018 Winter Olympic Games.

Microsoft uses sinkhole to block Russian cyberattacks

Microsoft explained in its press release that it had seized seven internet domains used by Strontium to conduct cyber attacks. Specifically, these domains were being to target Ukrainian media organizations, as well as EU and US government agencies and think tanks involved in foreign policy. The company received a court order on April 6 that allowed it to take control and re-direct these internet domains to a Microsoft-managed sinkhole.

According to Microsoft, the hackers wanted to gain long-term access to sensitive data and information stored within the internal systems of the targeted organizations. The company says that it has reported Strontium’s malicious activities to the Ukrainian government.

“This disruption is part of an ongoing long-term investment, started in 2016, to take legal and technical action to seize infrastructure being used by Strontium. We have established a legal process that enables us to obtain rapid court decisions for this work. Prior to this week, we had taken action through this process 15 times to seize control of more than 100 Strontium controlled domains,” explained Tom Burt, CVP of Customer Security & Trust.

Microsoft added that the latest Strontium attacks represent only a small portion of the cybercriminal activity observed during the ongoing war in Ukraine. The National Cyber Security Centre (NCSC) warned last week that organizations that criticize the Russian government or provide services to Ukraine are at greater risk of cyberattacks.