Wednesday, November 27, 2024

Microsoft Disrupted APT28 Domains Used by Russian Spies to Target Ukraine


In an effort to dismantle the infrastructure used to launch attacks against Ukrainian targets, Microsoft has seized seven domain names operated by the Russian hacking group APT28.

All of these domains were used by Strontium (aka Fancy Bear and APT28), a hacking group affiliated with Russia’s GRU, to target multiple Ukrainian institutions, including media outlets.

The threat actors have also used these domains to conduct attacks against the following organizations:-

  • US government organizations.
  • EU government organizations.
  • Think tanks in the United States (involved in foreign policy).
  • Think tanks in the European Union (involved in foreign policy).

APT28 aka Strontium Target Ukraine

Microsoft received a court order on April 6th to seize the seven domains that the Strontium group used to deliver cyberattacks against Ukraine.

The domain names used by Strontium are currently being redirected to a sinkhole controlled by Microsoft. This both cuts off Strontium’s present use of the domains and lets Microsoft identify and notify the victims whose systems still try to reach them.
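The sinkhole described above works at the resolver: queries for a seized domain are answered with an address the defender controls instead of the attacker’s server, and the clients that ask for those names are the candidate victims to notify. The following is an added example of that policy, not Microsoft’s code, and the seized domains, the sinkhole address, the upstream answer and the DNS query log lines are all constructed placeholders (the article does not publish the seven domain names):

```python
"""Minimal sinkhole-style resolver policy with victim identification.

Added example, not Microsoft's code. Domain names, IP addresses and log
lines are constructed placeholders; the seized domains are not on the page.
"""
import ipaddress
from dataclasses import dataclass, field

SINKHOLE_IP = "192.0.2.53"        # constructed; TEST-NET-1 documentation range
UPSTREAM_ANSWER = "203.0.113.10"  # constructed; what a normal resolver would return

# Constructed stand-ins for seized domains (not the real APT28 domains).
SEIZED = frozenset({"seized-example.test", "another-seized.test"})

# Constructed DNS query log: timestamp, client IP, query type, query name.
LOG = """\
2022-04-07T10:01:22Z 10.1.4.22 A mail-update.seized-example.test
2022-04-07T10:01:23Z 10.1.4.22 A www.seized-example.test
2022-04-07T10:02:05Z 10.1.9.7 A login.example.com
2022-04-07T10:03:41Z 10.1.9.7 A seized-example.test
2022-04-07T10:04:00Z 10.1.4.22 A another-seized.test
"""


@dataclass
class SinkholeResolver:
    seized_domains: frozenset
    sinkhole_ip: str = SINKHOLE_IP
    hits: list = field(default_factory=list)  # (client_ip, qname) per sinkholed query

    def is_seized(self, qname: str) -> bool:
        """True if qname is a seized domain or any subdomain of one."""
        labels = qname.rstrip(".").lower().split(".")
        return any(".".join(labels[i:]) in self.seized_domains for i in range(len(labels)))

    def resolve(self, qname: str, client_ip: str, upstream) -> str:
        """Answer with the sinkhole for seized names, otherwise ask upstream."""
        if self.is_seized(qname):
            self.hits.append((client_ip, qname.rstrip(".").lower()))
            return self.sinkhole_ip
        return upstream(qname)

    def victims(self) -> list:
        """Distinct clients that tried to reach a seized domain: who to notify."""
        return sorted({ip for ip, _ in self.hits}, key=ipaddress.ip_address)


def process_log(lines, resolver: SinkholeResolver) -> list:
    """Replay query log lines through the resolver; returns (client, qname, answer)."""
    results = []
    for line in lines:
        if not line.strip():
            continue
        _ts, client, _qtype, qname = line.split()
        answer = resolver.resolve(qname, client, upstream=lambda _q: UPSTREAM_ANSWER)
        results.append((client, qname, answer))
    return results


def run_demo():
    """Replay the constructed log and return (per-query answers, victim list)."""
    resolver = SinkholeResolver(SEIZED)
    answers = process_log(LOG.splitlines(), resolver)
    return answers, resolver.victims()


if __name__ == "__main__":
    answers, victims = run_demo()
    for client, qname, answer in answers:
        tag = "SINKHOLED" if answer == SINKHOLE_IP else "normal"
        print(f"{client:<10} {qname:<36} -> {answer} ({tag})")
    print("clients to notify:", victims)
```

Subdomain matching matters here: malware rarely contacts the bare apex, so a policy that only matches exact names would miss `mail-update.seized-example.test` while still letting `login.example.com` through untouched.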

During the course of the investigation, Microsoft formed the view that Strontium might be seeking long-term access to its targets’ systems in order to:-

  • Exfiltrate sensitive data.
  • Provide tactical support to the physical invasion.

Microsoft is aware that Strontium is involved in several malicious activities and cyber-attack attempts to compromise Ukrainian organizations’ networks. As a result, Microsoft has already notified the Ukrainian government about the matter.

Targeted Governments Globally

In August 2018, Microsoft filed 15 other cases against this Russian hacking group, and during that time, Microsoft disrupted 91 malicious domains affiliated with the group.

Since 2004, the APT28 aka Strontium has been operating on behalf of the 85th Main Special Service Center (GTSS) of the General Staff of Russia (GRU).

Moreover, its operators have conducted cyberespionage campaigns against governments around the world; the known campaigns are listed below:-

  • Attacks against the German federal parliament in 2015.
  • Attacks against the Democratic National Committee (DNC) in 2016.
  • Attacks against the Democratic Congressional Campaign Committee (DCCC) in 2016.

In 2018, the United States charged several members of this hacking group with hacking the Democratic National Committee and the Democratic Congressional Campaign Committee.

Not only that, they have also been found guilty of targeting and hacking individuals involved in the Clinton campaign.

After the US, the Council of the European Union also imposed sanctions against multiple members of this APT group for executing attacks against the German federal parliament in 2015.

Here’s what Microsoft has stated:-

“We have marked most of Russia’s nation-state actors who are engaged in the ongoing full-scale offensive against the Ukrainian government and critical infrastructure.”

To mitigate such cyber-attacks and defend the Ukrainian government and critical infrastructure, Microsoft has affirmed that it will work closely with organizations of all kinds.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
