Microsoft said it uncovered attempts by a Russian state-backed hacking group to hack into US and EU government institutions to conduct cyber espionage as part of supporting Russia’s ground invasion of Ukraine.
In a blog post on Thursday, Microsoft said it had disrupted cyber attacks, which it attributed to Strontium, a hacking group linked to Russia’s military intelligence. These targeted US and EU government bodies and think tanks “involved in foreign policy” as well as Ukrainian institutions such as media organisations, it said.
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” Tom Burt, Microsoft’s corporate vice-president of customer, security & trust wrote in the post.
It is unclear whether any of the attempts to breach the unnamed victims were successful. Microsoft said, though, that on Wednesday it obtained a court order that authorised the company to take control of seven internet domains being wielded by Strontium to conduct the attacks, thereby preventing further hacking attempts.
Microsoft said that since the invasion of Russia, the company “observed nearly all of Russia’s nation-state actors engaged in the ongoing full-scale offensive against Ukraine’s government and critical infrastructure”.