Microsoft reported that it was able to avert attacks by the Russian state-sponsored hacking group Strontium, also known as APT28 or Fancy Bear, against Ukrainian organizations after seven of the attackers' domains were disrupted, according to BleepingComputer.
Strontium also used the seized domains to attack government institutions and foreign policy think tanks in the US and European Union, Microsoft noted. "We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information," said Microsoft Corporate Vice President of Security & Trust Tom Burt, who added that the company had been granted a court order for the domains on Wednesday. Microsoft had already taken down 91 malicious Strontium domains in 2018. "This disruption is part of an ongoing long-term investment, started in 2016, to take legal and technical action to seize infrastructure being used by Strontium. We have established a legal process that enables us to obtain rapid court decisions for this work," added Burt.
Threat actors have been increasingly adding the novel Go-based information stealer Aurora to their arsenals, with at least seven active cybercrime groups leveraging the malware either exclusively or alongside the other info-stealers Raccoon and Redline, BleepingComputer reports.