Microsoft has seized seven domains of Strontium, also known as Fancy Bear or APT28, a Russian hacking group with ties to the country’s military intelligence, the company announced in a blog post (via TechCrunch). According to Microsoft, Russian spies have used these sites to attack Ukrainian media, as well as foreign policy think tanks and government agencies in the US and the European Union.
Microsoft obtained a court order on April 6 to take control of each domain. The domains were then redirected to a sinkhole, a server used by cybersecurity experts to capture and analyze malicious connections. The company says it seized more than 100 domains managed by Fancy Bear before this most recent takedown.
“We believe Strontium was trying to gain long-term access to its targets’ systems, provide tactical support for the physical invasion, and exfiltrate sensitive information,” said Tom Burt, corporate vice president of Customer Security and Trust at Microsoft, in the post. “We have informed the Ukrainian government of the activity we have detected and the action we have taken.”
This particular hacking group has a long history of attempting to interfere with both Ukraine and the US. Fancy Bear was linked to cyber attacks on the Democratic National Committee in 2016 and targeted the US elections in 2020.
The Russian invasion of Ukraine has only exacerbated cyber-attacks by Fancy Bear and other bad actors. Last month, Google said Fancy Bear and Belarusian hacking group Ghostwriter carried out a phishing attack on Ukrainian officials and members of the Polish military. Russian state-backed hackers have also been accused of hacking into a European satellite service at the start of the Russian invasion of Ukraine, and attacking US defense contractors in February. It’s unclear if Fancy Bear was behind both attacks.