Microsoft Confiscates Seven Domains Belonging To Fancy Bear, Used To Hack Ukrainian, US And EU Sites
JAKARTA - Microsoft recently seized seven domains belonging to Strontium, also known as Fancy Bear or APT28. This is a Russian hacking group with ties to the Russian military intelligence agency.
The seizure was announced by Microsoft in a blog post. According to Microsoft, Russian spies used the domains to target Ukrainian media, as well as foreign policy think tanks and government agencies located in the US and the European Union.
Microsoft obtained a court order to take over each domain on April 6. It then redirected them to sinkholes, servers that cybersecurity experts use to capture and analyze malicious connections. Microsoft also said it had seized more than 100 domains controlled by Fancy Bear prior to this latest takedown.
"We believe Strontium seeks to establish long-term access to its target systems, provide tactical support for physical invasion and extract sensitive information," Tom Burt, corporate vice president of security and customer trust at Microsoft, said in the post, quoted by The Verge.
"We have notified the Ukrainian government about the activity we detected and the actions we have taken," Burt added.
This particular group of hackers has a long history of trying to interfere with both Ukraine and the US. Fancy Bear was linked to a cyberattack on the Democratic National Committee in 2016 and targeted the 2020 US election.
Russia's invasion of Ukraine only exacerbated cyberattacks by Fancy Bear and other bad actors. Last month, Google said Fancy Bear and Belarusian hacker group Ghostwriter carried out phishing attacks targeting Ukrainian officials and members of the Polish military.
Russian state-sponsored hackers are also accused of hacking European satellite services at the start of Russia's invasion of Ukraine. They also targeted US defense contractors in February. It is not clear if Fancy Bear was behind both attacks.