
Microsoft uses sinkhole to thwart Russian state-backed Fancy Bear attacks

Also known as APT28 or Strontium, Fancy Bear is one of the most active APT groups in the world


Microsoft has thwarted a series of attacks attributed to the Russian state-sponsored hacking group Fancy Bear by seizing the group's domains and redirecting them to a Microsoft-controlled sinkhole, the company revealed on Thursday.

Also known as APT28 or Strontium, Fancy Bear is one of the most active APT groups in the world, having played a role in the 2016 intrusions into US presidential campaign networks and the cyber attack on the 2018 Winter Olympics in Pyeongchang, among many others.

Operating since at least 2004, Fancy Bear has close ties to the Russian military intelligence agency GRU, and has become increasingly involved in supporting Russia's military operations through cyber attacks.

Microsoft published a blog post detailing its actions against the group, which this week was discovered targeting Ukrainian media organisations, as well as EU and US government institutions and think tanks involved in foreign policy.

On 6 April, Microsoft secured a court order that allowed it to take control of seven internet domains used by Fancy Bear to conduct the attacks.

“We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications,” the tech giant’s Customer Security & Trust corporate VP Tom Burt stated on Thursday.
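Sinkholing works because compromised hosts keep resolving and contacting the seized domains; once those names point at a server the defender controls, every beacon that arrives reveals a victim's source address, which is what makes notification possible. The same logic runs in reverse on the victim side: a defender can check their own resolver logs for lookups of the seized names or for answers inside the sinkhole's address space. The script below is an added example of that check, not code from Microsoft or from the article. The domain names, the sinkhole prefix and the log lines are all constructed placeholders, since the article names neither the seven domains nor the sinkhole address.

```python
import re
import ipaddress
from collections import defaultdict

# Hypothetical watchlist standing in for a published list of seized domains.
# The article does not name the seven domains, so these are placeholders.
SEIZED_DOMAINS = {
    "update-checker.example",
    "mail-verify.example",
}

# Hypothetical sinkhole prefix (assumed; the article gives no address).
SINKHOLE_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed resolver log lines: timestamp, client, queried name, type, answer.
SAMPLE_LOG = """\
2022-04-07T09:12:01Z client 10.1.4.22 query update-checker.example A answer 203.0.113.7
2022-04-07T09:12:05Z client 10.1.4.22 query www.microsoft.com A answer 20.112.52.29
2022-04-07T09:13:40Z client 10.2.9.8 query login.mail-verify.example A answer 203.0.113.7
2022-04-07T09:14:02Z client 10.1.4.23 query cdn.example.net A answer 198.51.100.12
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<client>\S+) query (?P<qname>\S+) "
    r"(?P<qtype>\S+) answer (?P<answer>\S+)$"
)


def is_watched_domain(qname):
    """True if qname is a seized domain or any subdomain of one.

    Beacon hosts are often subdomains of the seized zone, so a plain
    equality test would miss them; a bare suffix test would wrongly match
    unrelated names such as notmail-verify.example, hence the leading dot.
    """
    name = qname.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in SEIZED_DOMAINS)


def is_sinkholed(answer):
    """True if the returned address falls inside a known sinkhole prefix."""
    try:
        ip = ipaddress.ip_address(answer)
    except ValueError:
        return False
    return any(ip in net for net in SINKHOLE_NETS)


def find_victims(log_text):
    """Group suspect lookups by client.

    Returns {client_ip: [(timestamp, qname, reasons), ...]} where reasons is
    a comma-joined subset of {"seized-domain", "sinkhole-answer"}.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected log format
        reasons = []
        if is_watched_domain(m["qname"]):
            reasons.append("seized-domain")
        if is_sinkholed(m["answer"]):
            reasons.append("sinkhole-answer")
        if reasons:
            hits[m["client"]].append((m["ts"], m["qname"], ",".join(reasons)))
    return dict(hits)


if __name__ == "__main__":
    for client, events in find_victims(SAMPLE_LOG).items():
        for ts, qname, why in events:
            print(f"{client} {ts} {qname} [{why}]")
```

Matching on both the name and the answer is deliberate: the name catches lookups made before the seizure took effect or cached by an intermediate resolver, while the answer catches lookups of related names the watchlist does not yet include. Either hit is worth an investigation of the client, not just a block, since the host was already trying to reach the group's infrastructure.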


To ensure a rapid response to Fancy Bear's attacks, Microsoft has also "established a legal process" that lets it fast-track the court orders needed to take over the group's domains.

“Prior to this week, we had taken action through this process 15 times to seize control of more than 100 Strontium controlled domains,” said Burt.

Organisations aiding Ukraine or criticising the Russian government are considered to be at the highest risk of compromise by Russian threat actors, the NCSC warned on 30 March, as it advised businesses to reconsider their use of Russian technology providers such as Kaspersky.

Microsoft's findings come two weeks after the US indicted four members of the Russian government over two separate campaigns between 2012 and 2018 that targeted critical infrastructure organisations worldwide. The alleged "conspiracies", which included the 2017 attack on a Saudi Arabian petrochemical facility, were uncovered through joint UK and US investigations.
