The US tech giant announced late last week that it had seized numerous domains belonging to Russian hackers who were using them to carry out such attacks. They are hackers belonging to a group known as APT28 and Fancy Bear, which are associated with Russian intelligence GRU. Microsoft named the group Strontium and discovered that hackers had created a number of domains and started using them to attack a number of Ukrainian institutions, including media organizations as well as government institutions. So he decided to block them.

He decided to do it legally and took the matter to court. The latter published a court ruling in early April authorizing it to take control of seven domains that APT28 was using to carry out cyberattacks. At the same time, Microsoft informed the Ukrainian government of the whole affair and the measures taken by it. Interestingly, Microsoft’s takeover of these domains comes just days after the FBI announced that it had tracked down a huge botnet also run by the GRU.

Also check:

Microsoft’s move is part of a broader corporate initiative launched six years ago to stop Russian-sponsored hackers. During the following years, the company obtains several court decisions concerning the acquisition of Internet infrastructures used by the APT28 group. To date, Microsoft has taken control of more than a hundred malicious domains belonging to hackers.

APT28 is the same hacker group behind the attack on US satellite communications provider Viasat. The incident disrupted the provision of satellite services across Europe. Investigators have shown that the attack was likely the result of a destructive malware action similar to the well-known VPNFilter malware. This malware is a work of the APT28 group and has infected thousands of home and small business routers and network devices around the world in recent years.