Microsoft has revealed that it has taken control of seven internet domains controlled by a Russia-linked hacking entity known as Strontium. According to the company, the domains were being used in cyber attacks against Ukrainian institutions such as media organisations as well as government institutions and think tanks in the United States and the European Union involved in foreign policy.
The domains were seized after Microsoft got a court order on April 6. Microsoft has long been tackling Strontium and has a process already in place where it can rapidly secure court orders to take action against the group’s hacking activities. With control of the domains, Microsoft has re-directed these domains to a sinkhole that it runs to keep users safe and notify victims of the attack.
Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft said:
“This disruption is part of an ongoing long-term investment, started in 2016, to take legal and technical action to seize infrastructure being used by Strontium. We have established a legal process that enables us to obtain rapid court decisions for this work. Prior to this week, we had taken action through this process 15 times to seize control of more than 100 Strontium controlled domains.”
While it's good that Microsoft was able to tackle Strontium’s latest attack, the company acknowledged that it’s just a small part of the cyber warfare in Ukraine. Nevertheless, Microsoft continues to work with organisations in the country to tackle attacks that have only escalated since the Russian invasion began.