9:23 p.m. ET, April 7, 2022
Microsoft says it disrupted Russian hacking infrastructure aimed at Ukraine
From CNN's Sean Lyngaas
Microsoft used a US court order to disable seven internet domains that a hacking group linked with Russian intelligence was using to try to infiltrate Ukrainian media organizations, in a likely effort to support Russia’s war, Microsoft said Thursday.
The hacking group, best known in the US for breaching the Democratic National Committee in the 2016 election, was likely trying to use cyber intrusions to “provide tactical support for the physical invasion and exfiltrate sensitive information,” according to Microsoft.
The hackers were “also targeting government institutions and think tanks in the United States and the European Union involved in foreign policy,” Tom Burt, a corporate vice president at Microsoft, wrote in a blog post.
It was not immediately clear how successful the hacking attempts were. Microsoft declined to comment beyond the blog post.
It’s the second time this week that a powerful US corporation or government agency has disclosed the use of a court order to target hackers accused of working for Russia’s military intelligence directorate, the GRU.
The moves reflect US officials’ ongoing concerns about potential Russian retaliatory cyberattacks against US targets, and a more aggressive strategy to try to thwart state-backed hacking operations.
The Justice Department revealed Wednesday that it had used a court order to disrupt a network of thousands of hacked computers controlled by another GRU-linked hacking group that could have been used in a cyberattack.
That network of infected computers, known as a botnet, “was a threat to US businesses, particularly the ones who were compromised, and it required action given the current threat environment,” a Justice Department official told reporters.
Russian cyber offense: While some analysts have argued that the full scope of Russian cyber capabilities hasn’t reared its head in Ukraine during the war, Burt said Microsoft has seen “nearly all of Russia’s nation-state actors engaged in the ongoing full-scale offensive” against critical infrastructure and government organizations in Ukraine.