Microsoft Corp. said it has disrupted cyberattacks from a group linked to the GRU – Russia’s foreign military unit – that were targeting Ukrainian entities and media organizations, as well as government institutions and foreign policy think tanks in the United States, according to an April 7 company blog.
After observing cyberattack attempts by the GRU-sponsored attack group Strontium, Microsoft was able to obtain a court order and seize seven of the domains that the company had observed Strontium using to carry out these attacks.
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” Tom Burt, Microsoft’s corporate vice president of customer security and trust, wrote. “We have notified Ukraine’s government about the activity we detected and the action we’ve taken.”
Microsoft said Strontium had also targeted government institutions and think tanks in the European Union. The company said that prior to the latest domain seizure, it had gone through the process of filing for a court order 15 other times, resulting in the total seizure of more than 100 of the group’s domains.
While the company was able to disrupt Strontium, it warned that the group’s actions are just a piece of the cyber activity it is seeing in Ukraine. Microsoft said it has been working with Ukrainian organizations to guard against cyberattacks since before the Russian invasion began, but cautioned that the rate and severity of the attacks have increased.
“We have observed nearly all of Russia’s nation-state actors engaged in the ongoing full-scale offensive against Ukraine’s government and critical infrastructure, and we continue to work closely with government and organizations of all kinds in Ukraine to help them defend against this onslaught,” Burt wrote. “In the coming weeks, we expect to provide a more comprehensive look at the scope of the cyberwar in Ukraine.”