Microsoft reported that it was able to avert attacks by the Russian state-sponsored hacking group Strontium, also known as APT28 or Fancy Bear, against Ukrainian organizations after seven of the attackers' domains were disrupted, according to BleepingComputer.
Strontium also leveraged the seized domains in attacks on government institutions and foreign policy think tanks in the US and European Union, Microsoft noted. "We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information," said Microsoft Corporate Vice President of Security & Trust Tom Burt, who added that the company had been given a court order on the domains on Wednesday. Microsoft had already taken down 91 malicious Strontium domains in 2018. "This disruption is part of an ongoing long-term investment, started in 2016, to take legal and technical action to seize infrastructure being used by Strontium. We have established a legal process that enables us to obtain rapid court decisions for this work," added Burt.