
Microsoft uses sinkhole to thwart Russian state-backed Fancy Bear attacks

Also known as APT28 or Strontium, Fancy Bear is one of the most active APT groups in the world

Microsoft has thwarted a series of attacks said to have been orchestrated by high-profile Russian state-sponsored hacking group Fancy Bear by redirecting their domains to a Microsoft-controlled sinkhole, the tech giant revealed on Thursday.

Also known as APT28 or Strontium, Fancy Bear is one of the most active APT groups in the world, having played a role in the 2016 hacking of the American presidential election and the cyber attack on the 2018 Winter Olympics in Pyeongchang, among many others.

Operating since at least 2004, Fancy Bear has close ties to the Russian foreign military intelligence agency GRU, and has become increasingly involved in supporting Russia’s military operations in cyber warfare.

Microsoft published a blog post detailing its actions against the hacking group, which this week was discovered targeting Ukrainian media organisations, EU and US government institutions, and think tanks involved in foreign policy.

On 6 April, Microsoft secured a court order that allowed it to take control of seven internet domains used by Fancy Bear to conduct the attacks.

“We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” the tech giant’s Customer Security & Trust corporate VP Tom Burt stated on Thursday.

In order to ensure rapid responses to Fancy Bear’s attacks, Microsoft has also “established a legal process” that allows the tech giant to fast-track court decisions required to take over the hacking group’s domains.

“Prior to this week, we had taken action through this process 15 times to seize control of more than 100 Strontium controlled domains,” said Burt.

Organisations aiding Ukraine or criticising the Russian government are considered to be at the highest risk of compromise by Russian threat actors, the NCSC warned on 30 March, as it advised businesses to avoid using Russian tech providers such as Kaspersky.

Microsoft’s findings come two weeks after the US indicted four members of the Russian government over two separate cyber security incidents between 2012 and 2018 that targeted global critical infrastructure organisations. The alleged “conspiracies”, which included the 2017 attack on a Saudi Arabian petrochemical facility, were uncovered through joint UK and US efforts.
