
Microsoft uses sinkhole to thwart Russian state-backed Fancy Bear attacks

Also known as APT28 or Strontium, Fancy Bear is one of the most active APT groups in the world


Microsoft has thwarted a series of attacks said to have been orchestrated by high-profile Russian state-sponsored hacking group Fancy Bear by redirecting their domains to a Microsoft-controlled sinkhole, the tech giant revealed on Thursday.

Also known as APT28 or Strontium, Fancy Bear is one of the most active APT groups in the world, having played a role in the 2016 hacking of the American presidential election and the cyber attack on the 2018 Winter Olympics in Pyeongchang, among many others.

Operating since at least 2004, Fancy Bear has close ties to the Russian foreign military intelligence agency GRU, and has become increasingly involved in supporting Russia’s military operations in cyber warfare.

Microsoft published a blog post detailing its actions against the hacking group, which this week was discovered targeting Ukrainian media organisations, as well as EU and US government institutions and think tanks involved in foreign policy.

On 6 April, Microsoft secured a court order that allowed it to take control of seven internet domains used by Fancy Bear to conduct the attacks.

“We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” Tom Burt, the tech giant’s corporate VP for Customer Security & Trust, stated on Thursday.


In order to ensure rapid responses to Fancy Bear’s attacks, Microsoft has also “established a legal process” that allows the tech giant to fast-track court decisions required to take over the hacking group’s domains.

“Prior to this week, we had taken action through this process 15 times to seize control of more than 100 Strontium controlled domains,” said Burt.

Organisations aiding Ukraine or criticising the Russian government are considered to be at the highest risk of being compromised by Russian threat actors, the NCSC warned on 30 March, as it advised businesses to avoid using Russian tech providers such as Kaspersky.

Microsoft’s findings come two weeks after the US indicted four members of the Russian government over two separate cyber security incidents between 2012 and 2018 that targeted global critical infrastructure organisations. The alleged “conspiracies”, which included the 2017 attack on a Saudi Arabian petrochemical facility, were uncovered by joint efforts of the UK and US.
