Microsoft was able to successfully disrupt cyberattacks targeting Ukraine that were conducted by the Russian APT28 cybercrime group after shutting down seven domains used as attack infrastructure.
What Is APT28?
The Russian-backed APT28 hacking group (also known as Fancy Bear or Strontium), which is linked to the GRU, Russia's military intelligence agency, is a threat actor that has been operational since 2004.
The domains that were taken down were used by the hacking group to target multiple Ukrainian entities, including media organizations.
According to BleepingComputer, they were also used in attacks on US and EU government agencies and think tanks involved in foreign policy.
Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft, declared:
On Wednesday, April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks.
We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications.
We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information.
APT28 hacking organization’s malicious