Microsoft Disrupted APT28 Domains Used by Russian Spies to Target Ukraine

In an attempt to eliminate the infrastructure used to launch attacks against Ukrainian targets, Microsoft has taken down seven domain names used by the Russian hacking group APT28 to disrupt the attacks.

All these domains were used by Strontium (aka Fancy Bear and APT28) to target multiple Ukrainian institutions, including the media outlets, and this hacking group is affiliated with Russia’s GRU.

The threat actors have also used these domains to conduct attacks against the following organizations:-

• US government organizations.
• EU government organizations.
• Think tanks in the United States (involved in foreign policy).
• Think tanks in the European Union (involved in foreign policy).

APT28 aka Strontium Target Ukraine

Microsoft received a court order on April 6th to completely terminate the seven domains that are managed by the Strontium group to deliver cyberattacks against Ukraine.

The Domain names used by Strontium are currently being redirected to a sinkhole controlled by Microsoft in order to mitigate the Strontium’s present use of these domains and along with that also help the victims receive notifications.

During the course of the investigation, Microsoft formulated the opinion that the Strontium might be seeking long-term access to the systems of its targets through the following methods:-

• Exfiltration of sensitive data.
• Assist in the physical invasion by providing tactical support.

Microsoft is aware that Strontium is involved in several malicious activities and cyber-attack attempts to compromise the Ukrainian organization’s networks. That’s why as a result, Microsoft has already notified the Ukrainian government about the matter.

Targeted Governments Globally

In August 2018, Microsoft filed 15 other cases against this Russian hacking group, and during that time, Microsoft disrupted 91 malicious domains affiliated with the group.

Since 2004, the APT28 aka Strontium has been operating on behalf of the 85th Main Special Service Center (GTSS) of the General Staff of Russia (GRU).

Moreover, the cyberespionage campaigns targeting governments around the world have been conducted by its operators, and below we have mentioned all the known campaigns conducted:-

• Attacks against the German federal parliament in 2015.
• Attacks against the Democratic National Committee (DNC) in 2016.
• Attacks against the Democratic Congressional Campaign Committee (DCCC) in 2016.

Several members of this hacking group have been charged with hacking the Democratic National Committee and the Democratic Congressional Campaign Committee in 2018 by the United States. 

Not, only that even they have been found guilty of targeting and hacking the individuals who are involved in the campaign of Clinton.

After the US, the Council of the European Union also imposed several sanctions against the multiple members of this APT group for executing attacks against the German federal parliament in 2015.

While here’s what Microsoft has stated:- 

“We have marked most of Russia’s nation-state actors who are engaged in the ongoing full-scale offensive against the Ukrainian government and critical infrastructure.” 

That’s why to mitigate such cyber-attacks and defend the Ukrainian government and critical infrastructures, Microsoft has affirmed that it will work closely with all kinds of organizations.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.