Microsoft says it disrupted Russian cyberattacks targeting Ukraine, West

Microsoft announced Thursday that it had disrupted Russian cyberattacks targeting Ukraine and organizations in the United States and European Union.

A Russian hacking group called Strontium was targeting Ukrainian organizations, including media organizations, as well as both public and private foreign policy-related institutions in the U.S. and EU, Tom Burt, Microsoft’s corporate vice president of customer security and trust, said in a blog post. Strontium is connected to the GRU, Russia’s military intelligence service.

“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” Burt wrote.

Burt said Microsoft was able to interfere with attacks from Strontium after the company obtained a court order enabling it to take over online domains being used by the group on Wednesday.

By redirecting seven domains the group was using for its attacks, Microsoft was able to “mitigate Strontium’s current use of these domains and enable victim notifications,” according to Burt.

He said Microsoft has been tracking Strontium “for years.”

Russian cyberattacks against Ukraine have “escalated since the invasion began” and have “continued relentlessly” over the past month and a half, Burt wrote.

“Since then, we have observed nearly all of Russia’s nation-state actors engaged in the ongoing full-scale offensive against Ukraine’s government and critical infrastructure, and we continue to work closely with government and organizations of all kinds in Ukraine to help them defend against this onslaught,” he continued.