Microsoft Takes on the Fancy Bear

Microsoft is currently fighting a behind-the-scenes war with the Russian hacking group Fancy Bear. The American technology company filed a lawsuit against the hacking group a year ago, in 2016. Of course, the company isn’t physically prosecuting the anonymous group in a court of law, but the lawsuit opened the door so Microsoft could begin hacking the group back.

Microsoft has been targeting the most vulnerable servers that Fancy Bear rents from data centers, known as “command-and-control” points. These vulnerable points allow Microsoft to track and map the group’s communication through its own malware. However, Microsoft does so covertly, simply by taking ownership of the Microsoft spin-off domain names the group uses. With this control, Fancy Bear is unaware of Microsoft’s interference, while Microsoft blocks the group’s access to its victims and monitors the whole network.

In fact, the lawsuit became possible through the very domain names that Fancy Bear has decided to use. The group has a history of using Windows for its malware attacks and, as such, uses domain spin-offs such as “livemicrosoft[.]net” or “rsshotmail[.]com”. The association of these domains can cause slander for Microsoft, which gives the company grounds for a lawsuit. Now that Microsoft has seized 70 different servers, any victim that contacts those sites will be transferred to a safe, Microsoft-controlled site.

These hacks by Microsoft are imposing high costs on Fancy Bear, as the group has to rebuild its infrastructure each time it is attacked. This will hopefully slow the group down significantly and reduce the number of attacks that Fancy Bear can complete. However, Microsoft knows this will be a long battle, and it is preparing to fight back with all it has, all while keeping up with its own products as well.

