Microsoft describes the hacking group Strontium as “a Russian GRU connected actor.”

The GRU is Russia’s military intelligence service.

Strontium was using this infrastructure to target Ukrainian institutions including media organizations. It was also targeting government institutions and think tanks in the United States and the European Union involved in foreign policy. We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information. We have notified Ukraine’s government about the activity we detected and the action we’ve taken.

Source: Disrupting cyberattacks targeting Ukraine – Microsoft On the Issues