{"id":123701,"date":"2022-04-08T15:07:49","date_gmt":"2022-04-08T15:07:49","guid":{"rendered":"https:\/\/news.microsoft.com\/?p=446005"},"modified":"2022-04-08T15:07:49","modified_gmt":"2022-04-08T15:07:49","slug":"disrupting-cyberattacks-targeting-ukraine","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2022\/04\/08\/disrupting-cyberattacks-targeting-ukraine\/","title":{"rendered":"Disrupting cyberattacks targeting Ukraine"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/04\/disrupting-cyberattacks-targeting-ukraine.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Today, we\u2019re sharing more about cyberattacks we\u2019ve seen from a Russian nation-state actor targeting Ukraine and steps we\u2019ve taken to disrupt it.<\/p>\n<p>We recently observed attacks targeting Ukrainian entities from Strontium, a Russian GRU-connected actor we have tracked for years. This week, we were able to disrupt some of Strontium\u2019s attacks on targets in Ukraine. On Wednesday April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks. We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium\u2019s current use of these domains and enable victim notifications.<\/p>\n<p>Strontium was using this infrastructure to target Ukrainian institutions including media organizations. It was also targeting government institutions and think tanks in the United States and the European Union involved in foreign policy. We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information. We have notified Ukraine\u2019s government about the activity we detected and the action we\u2019ve taken.<\/p>\n<p>This disruption is part of an ongoing long-term investment, started in 2016, to take legal and technical action to seize infrastructure being used by Strontium. We have established a legal process that enables us to obtain rapid court decisions for this work. Prior to this week, we had taken action through this process 15 times to seize control of more than 100 Strontium controlled domains.<\/p>\n<p>The Strontium attacks are just a small part of the activity we have seen in Ukraine. Before the Russian invasion, our teams began working around the clock to help organizations in Ukraine, including government agencies, defend against an onslaught of cyberwarfare that has escalated since the invasion began and has continued relentlessly. Since then, we have observed nearly all of Russia\u2019s nation-state actors engaged in the ongoing full-scale offensive against Ukraine\u2019s government and critical infrastructure, and we continue to work closely with government and organizations of all kinds in Ukraine to help them defend against this onslaught. In the coming weeks we expect to provide a more comprehensive look at the scope of the cyberwar in Ukraine.<\/p>\n<p class=\"tag-list\">Tags: <a aria-label=\"See more stories about cyberattacks\" href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/tag\/cyberattacks\/\" rel=\"tag\">cyberattacks<\/a>, <a aria-label=\"See more stories about cybersecurity\" href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/tag\/cybersecurity-2\/\" rel=\"tag\">cybersecurity<\/a>, <a aria-label=\"See more stories about cyberwar\" href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/tag\/cyberwar\/\" rel=\"tag\">cyberwar<\/a>, <a aria-label=\"See more stories about Russia\" href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/tag\/russia\/\" rel=\"tag\">Russia<\/a>, <a aria-label=\"See more stories about strontium\" href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/tag\/strontium\/\" rel=\"tag\">strontium<\/a>, <a aria-label=\"See more stories about Ukraine\" href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/tag\/ukraine\/\" rel=\"tag\">Ukraine<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, we\u2019re sharing more about cyberattacks we\u2019ve seen from a Russian nation-state actor targeting Ukraine and steps we\u2019ve taken to disrupt it. We recently observed attacks targeting Ukrainian entities from Strontium, a Russian GRU-connected actor we have tracked for years. This week, we were able to disrupt some of Strontium\u2019s attacks on targets in Ukraine. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":123702,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[50,52],"class_list":["post-123701","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-news","tag-recent-news","tag-security"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/123701","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=123701"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/123701\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media\/123702"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=123701"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=123701"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=123701"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}