Microsoft Takes Down Domains Used in Cyberattack Against Ukraine

APT28, an advanced persistent threat (APT) group, has been operating since 2009 and has worked under different names such as Sofacy, Sednit, Strontium Storm, Fancy Bear, Iron Twilight, and Pawn.

Microsoft seized seven domains it claims were part of ongoing cyberattacks by what it said are state-sponsored Russian advanced persistent threat actors that targeted Ukrainian-related digital assets.

The company obtained court orders to take control of the domains it said were used by Strontium, also known as APT28, Sofacy, Fancy Bear and Sednit. In a blog post outlining the actions, Microsoft reported attackers used the domains to target Ukrainian media organizations, government institutions and foreign policy think tanks based in the U.S. and Europe.

“We obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks,” said Tom Burt, corporate vice president of Customer Security and Trust at Microsoft.

Sinkhole is a security term that refers to the redirection of internet traffic from domains, at the domain-server network level, by security researchers for analysis and mitigation. Microsoft did not say how the domains were being abused, beyond identifying those targeted.

“We have since re-directed these domains to a sinkhole

Read More: https://threatpost.com/microsoft-takedown-domains-ukraine/179257/