The American technology and software company Microsoft is helping to protect Ukraine against cyberattacks from Russia.
On Thursday, Microsoft Vice President Casper Klynge confirmed the company was working to disrupt a hacking group dubbed “Strontium,” suspected of having ties to the Russian military’s Main Intelligence Directorate, known as GRU.
“We have disrupted some attacks on targets in Ukraine,” Klynge tweeted. “Strontium, a Russian GRU-connected actor, was targeting Ukrainian institutions including media organizations as well as government institutions & think tanks in the United States & the EU.”
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion & exfiltrate sensitive information,” Klynge added. “We have notified Ukraine’s government about the activity we detected & the action taken.”
Klynge said, “We have observed nearly all of Russia’s nation-state actors engaged in the ongoing full-scale offensive against Ukraine’s government & critical infrastructure, & we continue to work closely with government & organizations in Ukraine to help them defend against this onslaught.”
In a Thursday press release, Microsoft said it had also obtained a court order authorizing it to seize control of seven different internet domains Strontium is suspected of using in its cyber attacks.
“We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” the press release stated.
While Microsoft has been public about its efforts to protect Ukraine against Russian cyber activity, the U.S. company has reportedly been less public about its business activities in Russia.
Russian-linked groups appear to be playing an active role to disrupting Ukraine while Russian forces carry on the attack on the physical front. The U.S. and United Kingdom assessed Russian government-linked hacking groups had launched cyberattacks against Ukraine in the days leading up to the invasion. By mid-March, U.S. government officials told Bloomberg News that suspected Russian-linked hacking efforts had made little progress against Ukrainian networks.
On Wednesday, the U.S. Department of Justice announced it had carried out a court-authorized operation throughout the month of March to disrupt a botnet comprised of “thousands of infected network hardware devices” that it said had been used by a hacking group known as “Sandworm.” The hacking group is another that is suspected of working with Russia’s GRU.
The DOJ said it managed to disconnect victim devices, known as “bots,” from the Sandworm botnet’s command and control mechanism.
“This court-authorized removal of malware deployed by the Russian GRU demonstrates the department’s commitment to disrupt nation-state hacking using all of the legal tools at our disposal,” said, Assistant Attorney General Matthew G. Olsen of the DOJ’s National Security Division. “By working closely with WatchGuard and other government agencies in this country and the United Kingdom to analyze the malware and to develop detection and remediation tools, we are together showing the strength that public-private partnership brings to our country’s cybersecurity. The department remains committed to confronting and disrupting nation-state hacking, in whatever form it takes.”
