Microsoft Corp. has disrupted a Russian cyber attacker that targeted Ukraine, according to Tom Burt, the company’s corporate vice president of customer security and trust.
In a blog post Thursday (April 7), Burt wrote that Microsoft recently observed targeted attacks against Ukrainian entities from Russia-based Strontium, the name of one of the groups associated with cyber mayhem.
This week, Microsoft obtained a court order authorizing it to seize seven internet domains Strontium used to conduct the attacks.
“We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” he wrote.
The tech giant said Strontium was using the infrastructure to target Ukrainian media companies, government agencies and foreign policy think tanks in the United States and the European Union.
“We have notified Ukraine’s government about the activity we detected and the action we’ve taken,” he wrote.
Launched by Microsoft in 2016, this disruption is part of a long-term investment to take legal and technical action to seize infrastructure being used by Strontium.
“We have established a legal process that enables us to obtain rapid court decisions for this work,” Burt wrote.
Previously, the company has acted 15 times to seize control of more than 100 Strontium-controlled domains.
The Strontium attacks are a small part of the activity Ukraine. Before the Russian invasion, Microsoft said it had worked 24/7 to help Ukrainian organizations defend against an assault of cyberwarfare.
Also, this week U.S. and German officials reportedly seized what they said was the world’s largest darknet market, the Hydra Market. It was established to sell illegal goods and services.
See also: Darknet Market Hydra Shut Down by US, German Law Enforcement
The Hydra Market had its servers shut down, and crypto wallets containing $25 million worth of bitcoin were confiscated by German police on Tuesday (April 5).