Microsoft is continuing to come down hard on Russia amid the country's awful invasion of Ukraine. The company has already stopped sales in the country. In direct help to Ukraine, Microsoft has been helping to thwart cyberattacks. For the latest step, Microsoft says it has claimed domains controlled by the Strontium group, a known Russia-backed threat group.
According to the company, it has taken over the domains following a court order approval on April 6. Microsoft has a long history of fighting against the Strontium group, including combatting attacks on U.S. elections in 2019. Strontium is also known as Fancy Bear or APT28.
As well as having a long rap sheet against U.S. organizations and government agencies, Strontium has been leading Russia-backed cyberattacks in Ukraine. Now that Microsoft has control of the group's domains, the company is redirecting those domains to a sinkhole where users cannot be harmed by the attack.
Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft, says the company will also inform victims of Strontium.
“This disruption is part of an ongoing long-term investment, started in 2016, to take legal and technical action to seize infrastructure being used by Strontium. We have established a legal process that enables us to obtain rapid court decisions for this work. Prior to this week, we had taken action through this process 15 times to seize control of more than 100 Strontium controlled domains.”
Microsoft points out that taking down Strontium's latest attack is an important step, but it is just a step. The group is not going away despite this setback, and there are dozens of other attack groups with their sights set firmly on Ukraine.