Friday, March 29, 2024

Microsoft Disrupted APT28 Domains Used by Russian Spies to Target Ukraine

Microsoft has taken control of seven domain names that the Russian state-sponsored hacking group APT28 was using to launch attacks against Ukrainian targets, cutting the group off from that infrastructure.

The domains were used by Strontium (Microsoft's name for the group, which is also tracked as Fancy Bear and APT28) to target multiple Ukrainian institutions, including media outlets. The group is attributed to Russia's military intelligence agency, the GRU.

The same domains were also used in attacks against the following organizations:

  • US government organizations.
  • EU government organizations.
  • Think tanks in the United States (involved in foreign policy).
  • Think tanks in the European Union (involved in foreign policy).

APT28 aka Strontium Target Ukraine

Microsoft obtained a court order on April 6, 2022 authorizing it to take control of the seven domains Strontium was using to deliver cyberattacks against Ukraine.

The seized domains now resolve to a sinkhole controlled by Microsoft. This denies Strontium any further use of the domains and, because traffic from compromised hosts now arrives at Microsoft's infrastructure, lets Microsoft identify and notify victims.
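The defender's side of a sinkhole is worth spelling out: once a C2 domain resolves to a sinkhole, any host on your network that still looks it up is almost certainly infected, and the sinkhole stops the beacon but does not remove the implant. The following added example (not Microsoft's code, and not the actual APT28 domains, which the article does not list) runs that check over constructed DNS resolver logs. The sinkholed domain list, IP addresses and log lines are hypothetical placeholders; the matching is done on label boundaries so that a look-alike domain that merely contains a sinkholed name as a prefix is not flagged.

```python
"""Flag internal hosts that still look up domains known to be sinkholed.

Added example; not Microsoft's code. Domain names, IPs and log lines are
constructed for illustration and are not the APT28 domains from the article.
"""
import re
from collections import defaultdict

# Hypothetical sinkholed apex domains (placeholders, not real indicators).
SINKHOLED_DOMAINS = {
    "example-c2.invalid",
    "update-mail.invalid",
}

# Constructed resolver log lines: "timestamp client qname qtype answer".
SAMPLE_LOG = """\
2022-04-07T10:01:02Z 10.0.5.17 mail.update-mail.invalid A 203.0.113.10
2022-04-07T10:01:05Z 10.0.5.17 www.example.com A 93.184.216.34
2022-04-07T10:02:41Z 10.0.9.3 EXAMPLE-C2.invalid. A 203.0.113.10
2022-04-07T10:03:00Z 10.0.9.3 example-c2.invalid.evil-lookalike.test A 198.51.100.7
2022-04-07T10:04:13Z 10.0.2.8 update-mail.invalid TXT NXDOMAIN
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)\s+(?P<answer>\S+)$"
)


def normalize(name):
    """Lower-case the name and strip a trailing root dot so lookups compare equal."""
    return name.rstrip(".").lower()


def is_sinkholed(qname, sinkholed=SINKHOLED_DOMAINS):
    """True if qname is a sinkholed apex domain or a subdomain of one.

    Suffix matching is done on label boundaries, so
    'example-c2.invalid.evil-lookalike.test' does not match 'example-c2.invalid'.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in sinkholed:
            return True
    return False


def find_sinkholed_lookups(log_text, sinkholed=SINKHOLED_DOMAINS):
    """Return (timestamp, client, normalized qname) for every matching query.

    Any query for a sinkholed name counts, whatever the answer: a host that asks
    for the C2 domain is the signal, not whether the resolver returned a record.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        if is_sinkholed(m["qname"], sinkholed):
            hits.append((m["ts"], m["client"], normalize(m["qname"])))
    return hits


def hosts_to_notify(log_text, sinkholed=SINKHOLED_DOMAINS):
    """Group hits by client so each host gets one notification listing its lookups."""
    by_host = defaultdict(set)
    for _ts, client, qname in find_sinkholed_lookups(log_text, sinkholed):
        by_host[client].add(qname)
    return {host: sorted(names) for host, names in by_host.items()}


if __name__ == "__main__":
    for host, names in sorted(hosts_to_notify(SAMPLE_LOG).items()):
        print(f"{host}: {', '.join(names)}")
```

Replace `SAMPLE_LOG` with your resolver's query log and `SINKHOLED_DOMAINS` with the indicators you receive from the takedown notice; each host returned by `hosts_to_notify` should be treated as compromised and remediated, since the sinkhole only severs the command channel.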

Based on its investigation, Microsoft assessed that Strontium was attempting to establish long-term access to its targets' systems in order to:

  • Exfiltrate sensitive data.
  • Provide tactical support for the physical invasion.

Microsoft says it has observed Strontium repeatedly attempting to compromise the networks of Ukrainian organizations, and it has notified the Ukrainian government of these activities.

Targeted Governments Globally

Microsoft has used this legal process against the group before: in August 2018 it had already filed 15 other cases against this Russian hacking group, through which it disrupted 91 malicious domains affiliated with the group.

APT28 (Strontium) has operated since at least 2004 on behalf of the GRU's 85th Main Special Service Center (GTsSS), also known as Military Unit 26165.

Its operators have conducted cyberespionage campaigns against governments around the world, including the following well-documented operations:

  • Attacks against the German federal parliament in 2015.
  • Attacks against the Democratic National Committee (DNC) in 2016.
  • Attacks against the Democratic Congressional Campaign Committee (DCCC) in 2016.

In 2018, the United States charged several members of the group with hacking the Democratic National Committee and the Democratic Congressional Campaign Committee in 2016.

The same indictment charged them with targeting and hacking individuals involved in Hillary Clinton's presidential campaign.

The Council of the European Union subsequently sanctioned several members of the group for the 2015 attack on the German federal parliament.

Microsoft stated:

“We have marked most of Russia’s nation-state actors who are engaged in the ongoing full-scale offensive against the Ukrainian government and critical infrastructure.” 

Microsoft has affirmed that it will continue working with organizations of all kinds to mitigate these attacks and help defend the Ukrainian government and critical infrastructure.

Gurubaran (https://gbhackers.com)
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.