Microsoft managed to neutralize cyberattacks against Ukrainian targets executed by the Russian hacker group — knocking out seven domains used as the basis of the attack infrastructure.
Microsoft claims to have documented cyberattacks by a group of hackers called Strontium, which has been monitored by experts for several years and is linked to Russia’s Main Intelligence Directorate.
According to Tom Burt, Microsoft Corporate Vice President, Customer Security & Trust, the Russian hacker group planned to attack Ukrainian organizations, including the media, as well as public and private institutions associated with foreign policy in the US and the EU.
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information. We have notified Ukraine’s government about the activity we detected and the action we’ve taken.” — Tom Burt said.
He also said that Microsoft has been monitoring Strontium for years. The tech giant managed to intercept the attacks after the company received a court order on April 6, allowing it to take over the online domains used by the hackers to carry out cyberattacks. Then, by redirecting the seven domains that the group used for their attacks, Microsoft was able to make sure Strontium couldn’t use them.
Attacks using Strontium are only a small part of the activity in Ukraine that Microsoft has been watching. Before the Russian invasion, Microsoft teams began working around the clock to help businesses in Ukraine, including government agencies, defend against the onslaught of cyber warfare that had intensified since the invasion began.