The Limited Times


Microsoft intervenes in cyber attack against Ukraine

2022-04-08T11:45:44.666Z


By crippling parts of a system used by suspected Russian attackers, the experts were able to mitigate the attacks. They lured the aggressors into a digital trap.



According to the US company Microsoft, attacks by Russian hackers on facilities in Ukraine, Europe and the USA have been interrupted.

Microsoft announced this in a blog post on Thursday.

According to the post, the US company had already taken control on Wednesday of seven Internet domains from which the attacks are said to have been carried out.

According to Microsoft, the hacker group Strontium, also known by the names APT28, Sofacy, PawnStorm and Fancy Bear, is behind the espionage attacks.

The hackers are said to have connections to the Russian secret service and have repeatedly made headlines in recent years with major cyber attacks.


The current targets of the hackers have included the media and government agencies.

When asked by SPIEGEL, Microsoft did not say whether organizations in Germany were also affected.

With the help of a court decision, the company was able to take over the domains in question.

"We assume that Strontium tried to gain long-term access to the systems of the targets in order to tactically underpin the physical invasion and to read out secret information," the blog post says.

The Ukrainian government was informed about the alleged attacks and Microsoft's countermeasures.

Hacker attacks diverted onto a siding

To let the attacks fizzle out, Microsoft used a trick.

The hackers' data stream was diverted from the hijacked domains into a so-called "sinkhole".

This means that the hackers get a fake response to their attacks.

The information sent back by the alleged victims - such as the IP addresses of computers - does not really come from a PC in a government office or from an editorial office's newsroom.

Instead, the attackers are sent data from the sinkhole's servers that simulate a successful attack.

In this way, these servers absorb the force of the attacks, letting them fizzle out into virtual nothingness.

The attacks therefore come to nothing, while being logged at the same time.

In this way it was possible to prepare the targets for the attacks and to mitigate their effects.

The Federal Office had already warned of hacker attacks on targets in Germany almost a month ago.

Companies should make their employees aware of the dangers of phishing emails and prepare their IT for cyber attacks.

The hacker group APT28 has been suspected of carrying out orders from the Russian secret service for years.

Their targets included the US Democrats in the 2016 presidential campaign and the Organization for Security and Co-operation in Europe (OSCE).

The massive hacker attack on the Bundestag in 2015 is also attributed to APT28.

At the time, the hackers paralyzed Parliament's entire IT infrastructure and infected office PCs with spy software.

In the case of hacker attacks, it is often difficult to pinpoint the perpetrators.

But in view of the indications in the case of the attack on the Bundestag, the government officially accused the group at the time.

Moscow has never commented on the allegations.

Source: spiegel
