Microsoft on disrupting cyberattacks targeting Ukraine; Facebook on countering Ghostwriter’s attempts
Tom Burt , the Corporate Vice President, Customer Security & Trust at Microsoft writes:
Today, we’re sharing more about cyberattacks we’ve seen from a Russian nation-state actor targeting Ukraine and steps we’ve taken to disrupt it.
We recently observed attacks targeting Ukrainian entities from Strontium, a Russian GRU-connected actor we have tracked for years. This week, we were able to disrupt some of Strontium’s attacks on targets in Ukraine. On Wednesday April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks. We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications.
Read more at Microsoft.
Facebook also got involved in trying to stop attacks on Ukraine, but in a different way. Jon Brodkin reports:
Facebook today reported an increase in attacks on accounts run by Ukraine military personnel. In some cases, attackers took over accounts and posted “videos calling on the Army to surrender,” but Facebook said it blocked sharing of the videos.
Specifically, Facebook owner Meta’s Q1 2022 Adversarial Threat Report said it has “seen a further spike in compromise attempts aimed at members of the Ukrainian military by Ghostwriter,” a hacking campaign that “typically targets people through email compromise and then uses that to gain access to their social media accounts across the Internet.” Ghostwriter has been linked to the Belarusian government.
Read more on Ars Technica.