Russia has become a hotbed for cyber threats over the years, but Microsoft Corp. thinks it has found a solution to the elusive Russian hackers: lawyers.

US tech giant Microsoft is going after a Russian hacking group believed to be connected to the country’s intelligence agency, the GRU, and to be behind several high-profile cyber attacks, including on the North Atlantic Treaty Organisation and the Hillary Clinton campaign.

“Microsoft alleges that defendants have violated Federal and state law by hosting a cybercriminal operation through these internet domains, causing unlawful intrusion into Microsoft and Microsoft’s customers’ computers and computing devices; and intellectual property violations to the injury of Microsoft and Microsoft’s customers”.

According to a new report by The Daily Beast, the Redmond tech giant’s suit against the group has disrupted the “command and control” servers that the hackers use to direct their attacks. But this effort hasn’t helped Microsoft identify individual hackers.

“In other words,” explains Microsoft outside counsel Sten Jenson, “any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server”. Microsoft gained subpoena power in August after Fancy Bear representatives didn’t show up for a court date.

At the heart of the lawsuit is the fact that the group often registers fake Microsoft domains (with names like livemicrosoft.com), from which it communicates with victims and C&C servers.
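One way a defender could hunt DNS query logs for the kind of Microsoft look-alike domains described above (an added example, not from the original article or from Microsoft). The log format, the allowlist, the character folding table and every name other than livemicrosoft.com are constructed assumptions.

```python
import re

BRAND = "microsoft"
# Assumed allowlist of the brand owner's real registrable domains; extend as needed.
LEGIT = {"microsoft.com", "live.com"}
# Common look-alike digit substitutions folded back before matching (illustrative only).
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Constructed sample: "<timestamp> <client-ip> <queried-name>" per line.
SAMPLE_LOG = """\
2017-07-20T10:00:01Z 10.0.0.5 login.microsoft.com
2017-07-20T10:00:07Z 10.0.0.9 livemicrosoft.com
2017-07-20T10:01:12Z 10.0.0.9 micr0soft-update.example
2017-07-20T10:02:30Z 10.0.0.7 microsoft.com.account-check.example
2017-07-20T10:03:44Z 10.0.0.5 www.example.org
"""

def split_name(qname):
    """Naive split into (registrable domain, subdomain labels) using the last
    two labels. Production code should consult the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), labels[:-2]

def has_brand(label):
    """True if the brand string appears once digits are folded and separators dropped."""
    return BRAND in re.sub(r"[^a-z]", "", label.translate(FOLD))

def classify(qname):
    """Return None for names that do not imitate the brand, else a reason string."""
    reg, sub = split_name(qname)
    if reg in LEGIT:
        return None  # genuine brand-owned domain, any subdomain
    if has_brand(reg.split(".")[0]):
        return "brand-in-registrable-domain"
    if any(has_brand(label) for label in sub):
        return "brand-in-subdomain"
    return None

def scan(log_text):
    """Return (client, qname, reason) for every suspicious query in the log."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and (reason := classify(parts[2])):
            hits.append((parts[1], parts[2], reason))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Clients that keep querying a flagged name are the ones to triage first, since an infected machine will go on trying to reach its command-and-control domain.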

Microsoft is far from the only victim of the hacker group.

Fancy Bear, also known as “APT28”, “Sofacy”, “Pawn Storm” and “Strontium”, has been conducting cyber attacks since 2007.

In a security profile of Fancy Bear, Microsoft calls the group “a highly resilient threat”, and the company notes that Fancy Bear “isn’t choosy with its targets, [but] it is persistent”. Often, control centers will use explicit IP addresses to avoid this issue, but because Fancy Bear chose to infringe on Microsoft’s trademarks, it screwed itself over. This obviously looks bad for Microsoft, especially at the corporate level, where compromised computers can expose customer information or take down vital company systems.