Microsoft obtains court order to take down domains used to target Ukraine

Microsoft announced that, to prevent attacks on Ukraine by APT28, a Russian-linked hacking group also known as Strontium, it had obtained a court order to take down seven domains used by the group.

‘We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,’ Tom Burt, Microsoft’s corporate vice president of customer security and trust, said.

The domains were also used in attacks against US and EU government institutions and think tanks involved in foreign policy. ‘We believe APT28 was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,’ Burt added.