By neutralizing seven domains used as attack infrastructure, Microsoft successfully disrupted cyberattacks against Ukrainian targets coordinated by the Russian hacking group APT28.
Alongside the destructive kinetic war on Ukrainian territory, a quieter cyber war is raging. The digital heavyweights are also on the front line of the war effort, and this is particularly the case for Microsoft. The company has just neutralized seven domains used as attack infrastructure against Ukrainian targets by Russian hackers. The hacking group in question is the notorious APT28, otherwise known as Fancy Bear or Strontium, a group of hackers linked to military unit 26165 of Russian military intelligence, the GRU.
To lure its targets, the group's members habitually use domain names that refer to various Microsoft services. In this case, the hackers were using these domains to target Ukrainian media and government institutions. But unlike the physical battlefield, which is located on Ukrainian territory, the acts of cyber warfare carried out by APT28 are global. The domains were also used to attack American and European government institutions, as well as any organizations that might gravitate around foreign policy.
Microsoft’s fight against APT28
Microsoft did not act without first obtaining authorization from the US courts. To neutralize them, the seven domains were redirected to a “dead end” managed by Microsoft. The victims were also notified. According to researchers at Microsoft’s cybersecurity laboratory, the members of the group sought to penetrate their targets' computer systems and to establish a permanent foothold there in order to exfiltrate sensitive information.
This cyber war, however, did not begin with the invasion of Ukraine by the Russian army at the end of February. In August 2018, Microsoft had already filed fifteen complaints precisely against this group of hackers. In all, 91 domains were then neutralized. The first counter-attacks even began in 2016, two years after the start of hostilities in the Donbass and the annexation of Crimea by Russia. The hacker group has also attempted to carry out cyberattacks in order to interfere in the elections of some European Union countries and in the 2016 US elections.