Microsoft takes over domains controlled by Russia-based cybercriminal group Strontium

Microsoft Logo 2022
Microsoft Logo 2022 (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Microsoft took control of seven internet domains to obstruct the efforts of Russia-based cybercriminal organization Strontium.
  • Strontium was using the domains to target media organizations in Ukraine and government institutions in the United States and European Union.
  • Microsoft received a court order to take over the domains and has used similar tactics in the past to combat Strontium.

Microsoft recently took over seven domains connected to the Russia-based cybercriminal organization Strontium. The domains were used to target media organizations in Ukraine as well as government institutions in the United States and European Union that were involved in foreign policy. Microsoft received a court order on April 6, 2022 that allowed the company to seize the domains, which have since been redirected to a sinkhole controlled by Microsoft.

Microsoft has worked to stop Strontium for several years. To date, the tech giant has seized over 100 domains that were once controlled by the Russia-based cybercriminal group.

"This disruption is part of an ongoing long-term investment, started in 2016, to take legal and technical action to seize infrastructure being used by Strontium," said Microsoft Corporate Vice President of Customer Security & Trust Tom Burt. "We have established a legal process that enables us to obtain rapid court decisions for this work. Prior to this week, we had taken action through this process 15 times to seize control of more than 100 Strontium controlled domains."

Burt called Microsoft's efforts a "small part" of the cybercriminal activity that the company has seen during the ongoing war in Ukraine. Microsoft President Brad Smith discussed how the company was fighting cyberattacks during the war earlier this year. As of March 23, 2022, Microsoft had committed $35 million to help Ukraine, part of which is in the form of cybersecurity assistance.

Microsoft has had previous run-ins with Strontium. In November 2020, the company detected attacks that targeted COVID-19 research. Strontium was one of the groups connected to those attacks.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at