Microsoft disrupts cyberattacks targeting Ukraine from Russian-GRU connected group Strontium

Arif Bacchus

Microsoft Security Center

Microsoft has shared an update regarding cyberattacks targeting Ukraine. The company now says it has recently disrupted attacks from Strontium, a Russian GRU-connected group.

Microsoft has tracked these attacks for years, and thanks to a court order on April 6, it has finally been able to take control of the domains Strontium was using. This helped disrupt attacks on Ukraine, as Microsoft was able to redirect the domains to a sinkhole that it controls.

As part of its attacks, Strontium was targeting Ukrainian media organizations and government institutions. Think tanks in the United States and the European Union that had been involved in foreign policy were also targeted. According to Microsoft, this is what the group was after:

We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information. We have notified Ukraine’s government about the activity we detected and the action we’ve taken.

Microsoft’s original investigation into Strontium started back in 2016. It says that it took action through legal processes 15 times to take control of more than 100 domains controlled by Strontium. You can learn more about Microsoft’s efforts to protect Ukraine from cyberattacks by checking out its blog post, last updated on March 23.