Microsoft has proven itself to be an unlikely vigilante in the ongoing international cyberespionage story. The company started out suing the hacking group Fancy Bear for using domain names that violated Microsoft’s trademarks, and in doing so unearthed an extensive network of command-and-control servers.
Through domains such as ‘livemicrosoft.net’ or ‘rsshotmail.com’, the hackers communicate with malware installed on targeted computers: the infected machines look up those names to find their command-and-control servers. Once the lawsuit puts a domain under Microsoft’s control, it is pointed at Microsoft-run servers instead of the group’s Russian ones, a technique known as sinkholing, so the malware’s check-ins land with Microsoft and give the company a bird’s-eye view of Fancy Bear’s server network. Since August, Microsoft has taken over 70 different command-and-control domains from Fancy Bear using this lawsuit.
Fancy Bear, also known as Pawn Storm, Strontium and Sofacy, has been carrying out cyberespionage since at least 2007. Over the last decade it has targeted multiple high-profile organisations including NATO, Obama’s White House, TV stations and military agencies throughout Europe. Its most notable intrusion came last year when it targeted the Clinton campaign, reportedly as part of Moscow’s bid to help Trump win the presidency. Russia isn’t named specifically in Microsoft’s lawsuit, but US intelligence findings have identified Fancy Bear as part of Russian intelligence activity.