American tech giant Microsoft on April 7 announced that they have been successful in diffusing some threats from Russian-state backed actors, who were targeting Ukrainian cyber assets including that of critical government and media entities.
The company in a blog post said, “We recently observed attacks targeting Ukrainian entities from Strontium, a Russian GRU-connected actor we have tracked for years. This week, we were able to disrupt some of Strontium’s attacks on targets in Ukraine.”
Microsoft said that they obtained a US court order on April 6 to take control of seven domains to take control of these malicious launch pads used for cyber-attacks by the Russians. “We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” the blog by Tom Burt – Corporate Vice President, Customer Security & Trust of the company added.
GRU is Russia’s largest foreign intelligence agency and Strontium is a group of hackers closely associated with the GRU.
Other than targeting Ukrainians, Microsoft said that these hackers were targeting government institutions and think tanks in the United States and the European Union.
Strontium was under scrutiny from Microsoft since 2016 and the company said that they were working on taking both legal and technical measures to counter the hackers. Previously too, the company had taken control of more than a hundred of such rogue Strontium domains.
Microsoft said that these Strontium attacks were only a minuscule part of the cyber aggression launched by the Russians since the start of the war on February 24. They said that the company was working around the clock to help organizations in Ukraine, including government agencies, defend against this relentless wave of attacks.
Microsoft further said that they have noticed that almost all Russian state actors engage in cyber-attacks against Ukraine since the break of the war.