Cyber news April 8, 2022: Kremlin TV hacked, Microsoft takes over Strontium domains

Today, a few more news items on the topic of cyber security. Hackers penetrated Russian TV systems in March and the Kremlin's TV system in April, and seem to have hundreds of surveillance cameras under their control. In addition, Microsoft has taken over seven domains that were misused by the Russian APT28 hacker group (Strontium, Fancy Bear) for attacks against facilities in Ukraine.


Kremlin TV system hacked

At the beginning of March, hackers from the group "The Black Rabbit World", which is close to the Anonymous collective, probably managed to penetrate the Russian streaming services Wink and ivi, and to hack into the TV channels Russia 24, Moscow 24 and Channel One. This is apparent from the following tweet, which links to live TV images.

(Tweet: Kremlin TV hacked)

A report with further details can be found on a Swiss site, which links to further tweets and indicates what was probably hacked. Allegedly, the group has control over hundreds of cameras in Russia.

(Tweet: Kremlin TV hacked)

In early April 2022, Anonymous hackers again managed to penetrate the Kremlin's internal video and TV system and tap recordings from cameras, as the above tweet suggests.


Microsoft stops Russian APT28 group Strontium

Microsoft has recently observed attacks by the hacker group Strontium (also known as APT28 or Fancy Bear) on Ukrainian facilities. The hacking group has been monitored by Microsoft security people for years and has been linked to the Russian military intelligence agency GRU.

Then, on Wednesday, April 6, 2022, Microsoft was able to obtain a court order authorizing the company to take control of seven Internet domains. These domains were used by Strontium to carry out these attacks. Furthermore, these domains were also used to attack U.S. and EU government institutions and foreign policy think tanks.

Meanwhile, Microsoft employees have redirected traffic to these domains to a Microsoft-controlled sinkhole. This allows Strontium's current use of these domains to be restricted. In addition, Microsoft now has the ability to notify victims. The Strontium attacks are only a small part of the activity Microsoft has observed in Ukraine.

As Microsoft writes, this disruption is only part of a long-term operation, underway since 2016, to take legal and technical measures to seize the infrastructure used by Strontium. The Redmond folks have established a legal process that allows security folks to get quick court rulings for this work. So far, the Microsoft people have taken action in this way 15 times to seize control of more than 100 domains controlled by Strontium.
