Microsoft seized Russian domains targeting Ukrainian media organizations

Illustration by Alex Castro / The Verge

Strontium, also known as Fancy Bear, a Russian hacking group with ties to the country's military intelligence agency, had seven domain names seized by Microsoft. According to Microsoft, Russian spies used these sites to target Ukrainian media outlets, as well as foreign policy think tanks and government institutions located in the US and the European Union.

On April 6th, a court order was obtained by Microsoft to take control of each domain. They were directed to a server used by cybersecurity experts to capture and analyze malicious connections. The company says it has taken over 100 domains from Fancy Bear.

Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information, according to Microsoft's corporate vice president.

The hacking group has tried to interfere with both the US and Ukraine before. Fancy Bear was linked to cyberattacks on the Democratic National Committee in 2016 and the US election in 2020.

Russia's invasion of Ukraine has made cyberattacks worse by Fancy Bear and other bad actors. Last month, Fancy Bear and Ghostwriter were accused of carrying out an attack on Ukrainian officials and members of the Polish military. Russian state-sponsored hackers have been accused of hacking into a European satellite service at the start of Russia's invasion of Ukraine, as well as targeting US defense contractors in February. It is not clear if Fancy Bear was behind either attack.

Related

In Ukraine, hacktivists fight back with data leaks