Microsoft Took Control of Six Domains Associated with APT28
On August 20, Microsoft disclosed that it had disrupted a hacking campaign believed to have been conducted by APT28, also known as Fancy Bear, an advanced persistent threat (APT) group associated with the Russian military intelligence service GRU. Microsoft’s Digital Crimes Unit executed a court order to transfer control of six internet domains attributed to APT28. The seized domains mimicked the websites of legitimate organizations and are believed to have been intended for use in spear-phishing operations. Microsoft has taken down 84 domains associated with APT28 in the past two years. The NJCCIC recommends that users review recent articles detailing hacking attempts aimed at US elections (1, 2) and ensure they are visiting legitimate websites to avoid becoming targets of spear-phishing or credential theft.