Threat Watch

Microsoft Takes Down APT28 Domains Used in Attacks Against Ukraine

In a blog post yesterday, Microsoft announced that it had disrupted cyber-attacks conducted by Russian state actors targeting Ukraine. The attacks came from Strontium (also tracked as APT28), a threat actor connected to Russian intelligence services that Microsoft has been tracking for years. Microsoft observed Strontium using seven domains to target Ukrainian media organizations. Microsoft stated, “On Wednesday, April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks.” This is not the only time Microsoft has observed Russian state actors targeting Ukraine. Since the Russian invasion of Ukraine, Microsoft has observed nearly all known Russian-backed hackers conducting attacks on Ukrainian organizations. Russia has been conducting a full-scale cyber assault on the Ukrainian government and the country’s critical infrastructure. Microsoft said it has been working closely with the Ukrainian government to notify it of the attacks and help defend against them.

ANALYST NOTES

It is no secret that Russia has been engaged in a full-scale cyberwar with Ukraine, even before the invasion. It is likely Russia will increase the scale of cyber-attacks, as both its initial cyber and kinetic attacks have not been as effective as it hoped. Ukraine continues to effectively defend itself in both domains, and global support for Ukraine has increased with each day. It is likely that this support will cause Russia to launch cyber-attacks against a NATO country to discourage further Ukrainian aid.

https://www.bleepingcomputer.com/news/microsoft/microsoft-takes-down-apt28-domains-used-in-attacks-against-ukraine/

https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/