US tech giant Microsoft on Apr 8 said that it has disrupted Russian hackers who attempted to infiltrate Ukrainian media organizations.
The spies were attempting to break into Ukrainian, EU and US targets, according to the company. Microsoft attributes the attacks to a group it calls “Strontium”.
In a blog post on Microsoft’s website, the firm said that a group was using internet domains in an effort to spy on US and EU government bodies and thinktanks, as well as a number of Ukrainian institutions including media organizations. Microsoft did not provide further details on who the targets were.
Microsoft said that it was taking legal and technical action to seize control of domains controlled by Strontium, and had obtained a court order that allowed it to take over seven domains on Apr 6.
Microsoft used a US court order to disable seven internet domains that a hacking group linked with Russian intelligence was using to try to infiltrate Ukrainian media organizations, reported CNN.
It’s the second time this week that a powerful US corporation or government agency has disclosed the use of a court order to target hackers accused of working for Russia’s military intelligence directorate, GRU.
The moves reflect US officials’ ongoing concerns about potential Russian retaliatory cyberattacks against US targets and a more aggressive strategy to try to thwart state-backed hacking operations.
The Justice Department revealed on Apr 6 that it had used a court order to disrupt a network of thousands of hacked computers controlled by another GRU-linked hacking group that could have been used in a cyberattack.
That network of infected computers, known as a botnet, “was a threat to US businesses, particularly the ones who were compromised, and it required action given the current threat environment,” the Justice Department official told reporters.