By obtaining a court order, Microsoft claims to have seized over seven domains belonging to Strontium, a Russian APT that has lately been targeting Ukrainian organizations.
The order let Microsoft redirect all these domains to a sinkhole controlled by the company, thereby mitigating any risks associated with them. Microsoft also said these domains were previously used in attacks against UK and US organizations.
Seizing Domains of APT28
Microsoft is one of the threat intelligence units tracking APTs worldwide and has been warning concerned institutions to be vigilant against attacks. In this pursuit, the company is also filing legal cases against threat actors to contain their expansion, and APT28 is one of those affected.
As per the Microsoft blog, the company has obtained a court order to seize seven of the domains belonging to Strontium, also known as Fancy Bear or APT28, which is said to be linked to Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.
The domains that Microsoft took control of had been used for attacks against UK and US organizations in the past, and now against Ukrainian organizations too. Thus, with the court order, these seven domains are now redirected to a sinkhole controlled by Microsoft.
This mitigates any risks associated with these domains. Microsoft has been filing cases in court to seize such domains and has successfully taken over 91 malicious domains to date.
APTs like Strontium are mainly motivated by reconnaissance, so they tend to stay in their victims’ networks as long as possible to gather important data that helps their nation’s tactical battle. Microsoft is also notifying the affected organizations in Ukraine and helping them avoid such attacks.