Thursday, December 5, 2024

Microsoft Disrupted APT28 Domains Used by Russian Spies to Target Ukraine

To disrupt attacks against Ukrainian targets and dismantle the infrastructure behind them, Microsoft has taken down seven domain names used by the Russian hacking group APT28.

All of these domains were used by Strontium (aka Fancy Bear and APT28), a hacking group affiliated with Russia’s GRU, to target multiple Ukrainian institutions, including media outlets.

The threat actors have also used these domains to conduct attacks against the following organizations:

  • US government organizations.
  • EU government organizations.
  • Think tanks in the United States (involved in foreign policy).
  • Think tanks in the European Union (involved in foreign policy).

APT28 aka Strontium Target Ukraine

Microsoft obtained a court order on April 6th allowing it to take down the seven domains that the Strontium group used to deliver cyberattacks against Ukraine.

The domain names used by Strontium are now being redirected to a sinkhole controlled by Microsoft. This blocks Strontium’s current use of the domains and, because traffic from compromised hosts now reaches the sinkhole, lets Microsoft notify the affected victims.

During the investigation, Microsoft concluded that Strontium was likely seeking long-term access to its targets’ systems for the following purposes:

  • Exfiltration of sensitive data.
  • Assist in the physical invasion by providing tactical support.

Microsoft is aware that Strontium is involved in several malicious activities and cyber-attack attempts aimed at compromising Ukrainian organizations’ networks. As a result, Microsoft has already notified the Ukrainian government about the matter.

Targeted Governments Globally

In August 2018, Microsoft filed 15 other cases against this Russian hacking group, and during that time, Microsoft disrupted 91 malicious domains affiliated with the group.

Since 2004, APT28 (aka Strontium) has been operating on behalf of the 85th Main Special Service Center (GTSS) of the General Staff of Russia (GRU).

Its operators have also conducted cyberespionage campaigns against governments around the world; the known campaigns include:

  • Attacks against the German federal parliament in 2015.
  • Attacks against the Democratic National Committee (DNC) in 2016.
  • Attacks against the Democratic Congressional Campaign Committee (DCCC) in 2016.

In 2018, the United States charged several members of this hacking group with hacking the Democratic National Committee and the Democratic Congressional Campaign Committee.

Not only that, they have also been found guilty of targeting and hacking individuals involved in the Clinton campaign.

Following the US, the Council of the European Union also imposed sanctions on several members of this APT group for the 2015 attacks against the German federal parliament.

Microsoft stated:

“We have marked most of Russia’s nation-state actors who are engaged in the ongoing full-scale offensive against the Ukrainian government and critical infrastructure.”

To mitigate such cyber-attacks and defend the Ukrainian government and critical infrastructure, Microsoft has affirmed that it will work closely with organizations of all kinds.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.