US Tech giant Microsoft is going after a Russian hacking group believed to be connected to the country's intelligence agency GRU and behind several high-profile cyber attacks including on the NATO and the Hillary Clinton campaign.
US Tech giant Microsoft is going after a Russian hacking group believed to be connected to the country’s intelligence agency GRU and behind several high-profile cyber attacks including on the NATO and the Hillary Clinton campaign. According to a report in The Daily Beast late on Friday, Microsoft was using lawyers to take on the hacker group known as Fancy Bear — accusing it of computer intrusion, cybersquatting and infringing on Microsoft’s trademarks. “The action, though, is not about dragging the hackers into court.
The lawsuit is a tool for Microsoft to target what it calls ‘the most vulnerable point’ in Fancy Bear’s espionage operations: the command-and-control servers the hackers use to covertly direct malware on victim computers,” the report added. So far, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear. Microsoft has “identified over 120 new targets of the Kremlin’s cyber spying and control-alt-deleting segments of Russian President Vladimir Putin’s hacking apparatus, the report added. Microsoft’s approach is indirect, but effective, it said.
“Rather than getting physical custody of the servers, which Fancy Bear rents from data centres around the world, Microsoft has been taking over the Internet domain names that route to them,” the report noted. These are addresses like “livemicrosoft[.]net” or “rsshotmail[.]com” that Fancy Bear registers for about $10 each. “Once under Microsoft’s control, the domains get redirected from Russia’s servers to the company’s, cutting off the hackers from their victims, and giving Microsoft a omniscient view of that servers’ network of automated spies, the report said.
A judge in Alexandria, Virginia is scheduled to rule whether to grant Microsoft a permanent injunction against Fancy Bear. Fancy Bear, also known as ‘APT28’, ‘Sofacy’, ‘Pawn Storm’ and ‘Strontium’ has been conducting cyber attacks since 2007. According to the US intelligence findings, Fancy Bear targeted the Democratic National Committee (DNC) and the Clinton campaign as part of Moscow’s efforts to help Donald Trump win the 2016 election.