1/2
April 8 (UPI) — Microsoft on Thursday said that it was able to disrupt some cyberattacks from Strontium, a Russia group connected to the country’s military intelligence service that has been targeting Ukraine.
The company said on its blog that it obtained a court order on Wednesday authorizing it to “take control of seven Internet domains Strontium was using to conduct these attacks.”
Strontium had targeted Ukrainian organizations that included media outlets and foreign policy organizations in the United States and European Union, according to Tom Burt, Microsoft’s corporate vice president of customer security and trust.
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” Burt wrote.
He added that Microsoft has established a legal process that enables it to obtain “rapid court decisions for this work” and that the company has taken action through that process 15 times to take control of more than 100 Strontium-controlled domains.
The company in late March announced that it had deployed cybersecurity technical protections for “dozens of targeted organizations” working with the Ukrainian government. It said that it was also providing licenses and services that allow organizations in Ukraine the ability to operate by moving critical software services from on-premises servers to the cloud.
On Tuesday, top federal cybersecurity officials and members of Congress said that the invasion of Ukraine increases the risk of Russian hackers targeting critical infrastructure, and they urged more coordination between the government and private companies to combat the threat.
At a meeting of the House Homeland Security Committee, Rep. Ritchie Torres, D-N.Y., the committee’s vice chair, said: “Over the past decade, Russia has demonstrated its ability and willingness to use cyber tools to advance its global agenda. It has used its neighbors in Eastern Europe as testbeds for deploying its cyber capabilities to interfere with elections, spread disinformation, and disrupt critical infrastructure.”
Last month, U.S. and British officials accused four Russian officials — including hackers with a Moscow intelligence agency — with various cybercrimes committed over a period of several years against more than 100 countries, including the United States.
Meanwhile, the FBI said this week that it removed malware from a network of hacked computers that infected thousands of devices worldwide under the control of a Russian state-sponsored threat actor dubbed Sandworm.
