Microsoft sinkholes GRU phishing sites targeting Ukraine, US

Microsoft said on its blog that it disrupted phishing sites used by Russian intelligence to target Ukraine. Pictured: A view of a monument at the entrance to Borodianka, Ukraine, on April 5, 2022. (Photo by Anastasia Vlasova/Getty Images)

Microsoft announced Thursday that it had foiled some Russian intelligence phishing efforts targeting "Ukrainian institutions including media organizations [as well as] government institutions and think tanks in the United States and the European Union involved in foreign policy."

"We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information. We have notified Ukraine’s government about the activity we detected and the action we’ve taken," wrote Tom Burt, corporate vice president of customer security and trust, in a blog post.

According to the post, Microsoft sued in court to take over domains of websites being operated by APT 28 (Fancy Bear in CrowdStrike parlance, Strontium in Microsoft's). The sites now redirect to a Microsoft sinkhole.

Microsoft has used the tactic several times since 2016 to disrupt not just Russian intelligence actors, but also North Korean cybercriminals, Chinese intelligence, and COVID scams.

"We have observed nearly all of Russia’s nation-state actors engaged in the ongoing full-scale offensive against Ukraine’s government and critical infrastructure, and we continue to work closely with government and organizations of all kinds in Ukraine to help them defend against this onslaught," Burt wrote.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.
