By neutralizing seven domains used as attack infrastructure, Microsoft successfully disrupted cyber attacks on Ukrainian targets, coordinated by Russian hacking group APT28.
There is the destructive kinetic war on Ukrainian soil, and the quieter cyber war that is raging alongside it. In the war effort, the digital heavyweights are also on the front lines. This is especially the case for Microsoft. The company has just neutralized seven domains used by Russian hackers as attack infrastructure against Ukrainian targets. The hacker group in question is the infamous APT28, also known as Fancy Bear or Strontium, a group of hackers linked to military unit 26165 of the Russian military intelligence service, the GRU.
To lure its targets, its members habitually use domain names pointing to various Microsoft services. In this case, the hackers used these domains to target Ukrainian media and government agencies. But unlike the physical battlefield, which is located on Ukrainian territory, the acts of cyber warfare carried out by APT28 are global. The domains were also used to attack American and European government institutions, as well as any organizations that could be interested in foreign policy.
Microsoft’s fight against APT28
Microsoft did not act without first obtaining clearance from the US courts. To neutralize them, the seven domains were redirected to a “dead end” managed by Microsoft. The victims were also notified. According to researchers at Microsoft’s cybersecurity lab, the group’s members attempted to penetrate their targets’ computer systems and establish a lasting presence there in order to exfiltrate sensitive information.
However, this cyber war did not begin with the Russian army’s invasion of Ukraine in late February. In August 2018, Microsoft had already filed fifteen complaints against this very group of hackers. A total of 91 domains were subsequently neutralized. The first counter-attacks even started in 2016, two years after the start of hostilities in the Donbass and Russia’s annexation of Crimea. The hacker group has also attempted to carry out cyber attacks to interfere in the elections of some European Union countries and in the 2016 US elections.