Microsoft takes over domains controlled by Russia-based cybercriminal group Strontium


Level 61
Thread author
Top poster
Content Creator
Apr 24, 2016
What you need to know
  • Microsoft took control of seven internet domains to obstruct the efforts of Russia-based cybercriminal organization Strontium.
  • Strontium was using the domains to target media organizations in Ukraine and government institutions in the United States and European Union.
  • Microsoft received a court order to take over the domains and has used similar tactics in the past to combat Strontium.
Microsoft recently took over seven domains connected to the Russia-based cybercriminal organization Strontium. The domains were used to target media organizations in Ukraine as well as government institutions in the United States and European Union that were involved in foreign policy. Microsoft received a court order on April 6, 2022 that allowed the company to seize the domains, which have since been redirected to a sinkhole controlled by Microsoft.

Microsoft has worked to stop Strontium for several years. To date, the tech giant has seized over 100 domains that were once controlled by the Russia-based cybercriminal group.

"This disruption is part of an ongoing long-term investment, started in 2016, to take legal and technical action to seize infrastructure being used by Strontium," said Microsoft Corporate Vice President of Customer Security & Trust Tom Burt. "We have established a legal process that enables us to obtain rapid court decisions for this work. Prior to this week, we had taken action through this process 15 times to seize control of more than 100 Strontium controlled domains."

Burt called Microsoft's efforts a "small part" of the cybercriminal activity that the company has seen during the ongoing war in Ukraine. Microsoft President Brad Smith discussed how the company was fighting cyberattacks during the war earlier this year. As of March 23, 2022, Microsoft had committed $35 million to help Ukraine, part of which is in the form of cybersecurity assistance.

Microsoft has had previous run-ins with Strontium. In November 2020, the company detected attacks that targeted COVID-19 research. Strontium was one of the groups connected to those attacks.