Russia’s invasion of Ukraine has plunged multinationals into a new paradigm: They can no longer remain neutral in geopolitical issues. Nor can they content themselves with issuing statements repeating platitudes about emergency and humanitarian aid.
They sometimes must act, taking sides and strong measures.
Microsoft (MSFT) – Get Microsoft Corporation Report has decided to suspend sales of its products and services in Russia. It also committed more than $35 million to support humanitarian assistance and relief efforts for Ukraine.
These decisions followed economic sanctions imposed on Moscow by NATO, intended to isolate it from the global economy. Many Western companies and banks have pulled out of the country.
Disrupting Espionage Activity of a Hacker Group
“Our support for Ukraine is steadfast,” Brad Smith, vice chairman and president of the software giant, said in March. “We’ve increased our humanitarian aid, continue to detect and defend against cyber threats, provide disaster response, and connect millions through free Skype service.”
Microsoft has also decided to donate part of the earnings related to the game Fortnite on its Xbox game console. The company, co-founded by Bill Gates and Paul Allen, also decided to concentrate on Russian cyberattacks, which multiplied before and since the invasion, in particular against Ukrainian infrastructure and institutions.
On this specific point, Microsoft has just made an announcement that risks arousing the wrath of Russian President Vladimir Putin and his entourage.
“Today, we’re sharing more about cyberattacks we’ve seen from a Russian nation-state actor targeting Ukraine and steps we’ve taken to disrupt it,” the software giant wrote in a blog post. “We recently observed attacks targeting Ukrainian entities from Strontium, a Russian GRU-connected actor we have tracked for years.”
Strontium is Microsoft’s label for a group others often call Fancy Bear or APT28. The group is connected to the GRU, the intelligence arm of the Russian military.
Scroll to Continue
Microsoft said it was able to disrupt some of Strontium’s attacks on targets in Ukraine:
“On [Wednesday, April 6], we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks.
“We have since redirected these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications.”
According to Microsoft, the cyberespionage group was using this infrastructure to target Ukrainian institutions, including media organizations. It was also, the company said, targeting government institutions and think tanks in the U.S. and the European Union.
“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” the company said. “We have notified Ukraine’s government about the activity we detected and the action we’ve taken.”
Since Russia invaded Ukraine on Feb. 24 “we have observed nearly all of Russia’s nation-state actors engaged in the ongoing full-scale offensive against Ukraine’s government and critical infrastructure, and we continue to work closely with government and organizations of all kinds in Ukraine to help them defend against this onslaught,” added Microsoft.
It promised a “more comprehensive look” at the scope of the cyberwar in Ukraine in the coming weeks.
The war, entering its seventh week, has already killed hundreds of people and displaced millions.