Microsoft Sinks Attempted Hacks on Ukraine By Russian Spies


Microsoft said that it had intercepted yet another string of Russian hacking attempts, this one coming from military spies targeting a wide range of think tanks, media orgs, and government institutions across Ukraine, the European Union, and the United States.

The bad actor responsible for the attacks, according to a Microsoft blog post published Thursday, was “Strontium,” otherwise known as Fancy Bear. The group is a Russian government affiliate that’s previously been caught exploiting everything from pharmaceutical companies to corporate networks of smart devices. In this case, Microsoft says that the group was using seven different internet domains to conduct attacks aimed at spying on institutions across the EU and the US. Long an element of Russia’s foreign policy jockeying, cyberattacks have complemented Russia’s physical invasion of Ukraine by allowing it to make incursions on both Ukrainian websites and international ones operated in countries providing aid to the besieged nation.

“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” Microsoft’s VP of Customer Security and Trust, Tom Burt, wrote in the blog. “We have notified Ukraine’s government about the activity we detected and the action we’ve taken.”

Per Burt, the action involved redirecting those seven domains to a Microsoft-controlled sinkhole, which allowed the company “to mitigate Strontium’s current use of these domains and enable victim notifications.”

Ukraine’s government institutions, media orgs, and countless citizens have faced an onslaught of hacking attempts, both in the lead-up to Russia’s siege on the country in February and in its immediate aftermath. This, in turn, prompted the Ukrainian government to recruit a volunteer army of coders to essentially hack those Russian targets back. Hundreds of thousands of professional and not-so-professional hackers from inside and outside Ukraine readily jumped on board.