Microsoft has reportedly seized seven domains that it claims were part of ongoing cyberattacks that appeared to be perpetrated by Russian advanced persistent threat actors. The campaign targeted Ukraine-related digital access. Microsoft obtained court orders to take over the domains, which it stated were used by Strontium. Strontium is also known by the names APT28, Fancy Bear, and Sofacy. Microsoft reported that the domains were used to target organizations such as government institutions, media organizations, foreign policy think tanks, and other key industries.
Microsoft redirected the domains to a sinkhole reportedly under its control, enabling it to mitigate the APT’s traffic and sever its use of the domains. From there, Microsoft was able to enable victim notifications. Although the specific usage of the domains was not clarified, Microsoft stated that the APT was attempting to establish persistent access to a target’s system, which would likely have facilitated a second-stage attack. This would have been a harmful attack that included the extraction of information such as credentials.
Read More: Microsoft Takes Down Domains Used in Cyberattack Against Ukraine