Microsoft seizes domains used by Russian ‘Fancy Bear’ spies who hacked Ukraine

Microsoft has taken control of seven website domains used by APT28, the Russian state-sponsored military intelligence group that helped Russian President Vladimir Putin’s invasion by targeting institutions in Ukraine.

APT28, also known as “Fancy Bear” and referred to as Strontium by Microsoft, is a hacking group linked to Russia’s foreign military intelligence agency. The group used the website domains to go after Ukrainian entities, such as government institutions, think tanks, and news organizations, according to a Microsoft blog post published on Thursday.

“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion, and exfiltrate sensitive information,” said Tom Burt, Microsoft’s vice president for customer security.

“We have since redirected these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” Burt added. “We have notified Ukraine’s government about the activity we detected and the action we’ve taken.”

Microsoft has taken multiple steps since 2016 to tackle the Russian state-sponsored hacking group and has obtained many court orders in the past few years to take control of malicious website domains used by APT28.
