According to Microsoft, those responsible are part of a group called “Strontium,” an actor says the company has been monitoring for years. On Wednesday, April 6, the company said it had received a court order authorizing it to take control of seven domains it was using to carry out the Strontium attacks.
“We have redirected these domains to an area controlled by Microsoft, allowing us to reduce Strontium’s current use of these domains and enable victim notifications,” he said. “We believe that strontium was attempting to establish long-term access to the systems of its targets, to provide strategic support for physical intrusions, and to filter sensitive information. We have notified the Government of Ukraine of the activity whose We’ve found out and we’ve taken action,” Microsoft said.