Microsoft took credit for disrupting cyberattacks this week conducted by an attacker connected with Russia and aimed at organizations in Ukraine, the United States and European Union.
The tech giant stopped the attacks on Wednesday, according to a blog post.
Strontium – also known as Fancy Bear or APT28 – known for its connection to the Russian government, launched attacks on media organizations in Ukraine, government institutions and think tanks in the U.S. and E.U. involved in foreign policy and other entities.
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” according to the post. “We have notified Ukraine’s government about the activity we detected and the action we’ve taken.”
CRN USA has reached out to Microsoft for comment.
Strontium and “nearly all of Russia’s nation-state actors” have been attacking Ukraine’s government and critical infrastructure, according to Microsoft.
“In the coming weeks we expect to provide a more comprehensive look at the scope of the cyberwar in Ukraine,” according to the post, authored by Tom Burt, Microsoft’s corporate vice president for customer, security and trust.
Microsoft used a court order to take control of seven Strontium internet domains used in the attacks and re-directed the domains to a virtual sinkhole, according to the post.
Microsoft has been taking “legal and technical action” against Strontium since 2016, according to the post. In 2019, Microsoft announced that it had notified democratic institutions, think tanks and nonprofit organisations in Europe about Strontium attacks targeting 104 accounts.
“We have established a legal process that enables us to obtain rapid court decisions for this work,” according to the post. “Prior to this week, we had taken action through this process 15 times to seize control of more than 100 Strontium controlled domains.”
Microsoft is among a group of tech companies to rethink business with Russia and Belarus because of the invasion of Ukraine.
In January, Microsoft announced a destructive malware operation that pummelled the Ukrainian government.
This week, the FBI stopped a Russian-government-backed botnet aimed at taking down small- to medium-sized businesses and home-office networks using technology from WatchGuard.