Skip to main content

Microsoft takes over domains controlled by Russia-based cybercriminal group Strontium

Microsoft Logo 2022
Microsoft Logo 2022 (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Microsoft took control of seven internet domains to obstruct the efforts of Russia-based cybercriminal organization Strontium.
  • Strontium was using the domains to target media organizations in Ukraine and government institutions in the United States and European Union.
  • Microsoft received a court order to take over the domains and has used similar tactics in the past to combat Strontium.

Microsoft recently took over (opens in new tab) seven domains connected to the Russia-based cybercriminal organization Strontium. The domains were used to target media organizations in Ukraine as well as government institutions in the United States and European Union that were involved in foreign policy. Microsoft received a court order on April 6, 2022 that allowed the company to seize the domains, which have since been redirected to a sinkhole controlled by Microsoft.

Microsoft has worked to stop Strontium for several years. To date, the tech giant has seized over 100 domains that were once controlled by the Russia-based cybercriminal group.

"This disruption is part of an ongoing long-term investment, started in 2016, to take legal and technical action to seize infrastructure being used by Strontium," said Microsoft Corporate Vice President of Customer Security & Trust Tom Burt. "We have established a legal process that enables us to obtain rapid court decisions for this work. Prior to this week, we had taken action through this process 15 times to seize control of more than 100 Strontium controlled domains."

Burt called Microsoft's efforts a "small part" of the cybercriminal activity that the company has seen during the ongoing war in Ukraine. Microsoft President Brad Smith discussed how the company was fighting cyberattacks during the war earlier this year. As of March 23, 2022, Microsoft had committed $35 million to help Ukraine, part of which is in the form of cybersecurity assistance.

Microsoft has had previous run-ins with Strontium. In November 2020, the company detected attacks that targeted COVID-19 research. Strontium was one of the groups connected to those attacks.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at (opens in new tab).

  • The good fight
  • I mean, the invasion of Ukraine aside ... attacking Covid-19 research? WTH. These guys act like supervillains. Their motivations - much like Putin's - are absolutely bizarre.
  • Probably trying to steal the vaccine research. US was way ahead of the rest of the world on this, but countries like Russia and China wanted to announce their own vaccines as a matter of national pride. Sending hackers to steal the US research in the hope of accelerating their own efforts would fit with that goal.
  • According to the Microsoft report, that's not what they were doing. They were attacking in order to disrupt Covid response, not to steal information. Other attacks were on healthcare infrastructure. They were from Russia and North Korea, and not from China. And the attacks were on a variety of countries with leading pharmaceutical companies (including India), not just the US. I hope you, unlike Ted Cruz, realize that the Pfizer vaccine was developed in Germany. I wouldn't put money on it, though.
  • But who protects us from the protectors ? . It's not like american 3 letter agencies are saints.