Microsoft has launched a legal attack on Fancy Bear, the Russian hacker group famous for meddling in the US elections last year.
The company has sued the collective in federal court in Washington on grounds as diverse as computer intrusion, cybersquatting, and infringing on Microsoft’s trademarks, allowing Microsoft to take over the command-and-control servers the group uses to control its botnets.
The strategy targets what has been called “the most vulnerable point” in Fancy Bear’s espionage operations. It has allowed Microsoft to take control of 70 different command-and-control points, including redirecting malicious domain names such as “livemicrosoft[.]net” or “rsshotmail[.]com,” cutting the hackers off from their victims and giving Microsoft a full view of the inner workings of the botnets.
“In other words,” Microsoft outside counsel Sten Jenson explained in a court filing last year, “any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server.”
Microsoft has historically been a target of Fancy Bear, and the company is applying for a permanent injunction against the collective, allowing for a default judgement in the future.
The innovative strategy is just one of many methods Microsoft is using to try and secure Windows users.