Microsoft has dealt a major blow to Russia’s cyberattack strategy, which has played a key role in the Ukraine war. The Redmond company announced that it had blocked multiple attack attempts by the hacker group Strontium, which has ties to the GRU, the Russian military intelligence service.
The company took control of seven internet domains used by the Kremlin-sponsored hackers to coordinate attacks. “We have since redirected them to a Microsoft-controlled sinkhole, allowing us to mitigate Strontium’s current use of these domains and notify victims,” the company explained.
Strontium’s main purpose was to launch cyberattacks against Ukrainian targets, but it was not limited to that. Microsoft’s security researchers indicated that the group also targeted government entities and think tanks in the United States and the European Union involved in foreign policy.
And although the blocked attacks appear to be directly related to the war in Ukraine, the American company considers them part of a sustained, long-term strategy. “We believe that Strontium was attempting to establish long-term access to its targets’ systems, provide tactical support for the physical invasion, and extract sensitive information,” Redmond posted.
Microsoft hits Russia’s hacker strategy with a sledgehammer
What Microsoft has achieved is clearly no small thing. Strontium has become one of the most active state-sponsored hacker groups in recent years. The group, also tracked as Fancy Bear or APT28, has hacked government offices, political parties and defense agencies in different parts of the world; one of its most notorious attacks in recent years was against the Democratic National Committee during Hillary Clinton’s 2016 campaign for the presidency of the United States.
To this must be added several large-scale malware and phishing campaigns, to the point that Google saw a significant increase in malware- and phishing-related alerts during 2021.
But beyond the importance of what Microsoft achieved this week, the work is far from finished. In fact, the company indicated that its most recent disruption of Russian cyberattacks is part of a long-term effort that began in 2016; this has allowed it to take control of more than 100 Strontium-controlled domains to date.
However, it is important to note that the US company is not approaching this work in “vigilante mode”, but within a legal framework. For this reason, Microsoft needs to obtain court orders before taking action against the hackers. And while it is tempting to assume that the bureaucracy slows down operations, in practice it does not. “We have established a legal process that allows us to obtain quick judicial decisions for this work,” the company asserted, adding: “In the coming weeks we hope to provide a more comprehensive view of the scope of cyber warfare in Ukraine.”
Another blow to the Kremlin hackers
Microsoft’s disruption of Strontium has not been the only blow to Russian state-sponsored hacking groups this week. The FBI announced that it had “quietly” removed malware created by the GRU from infected devices, malware allegedly intended to build a botnet.
According to The New York Times, the bureau worked with the Justice Department to take the network offline, relying on sealed court orders to do so. “Fortunately, we were able to disrupt this botnet before it could be used,” said US Attorney General Merrick Garland.