Microsoft finds end-around to battle Russian hackers Fancy Bear

Reading time icon 3 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Despite the White Houses reluctance to hold Russia fully accountable for meddling in the 2016 US election, Microsoft has taken it upon themselves to begin counter measures to mitigate the power of associate Russian GRU’s Fancy Bear hacking group.

Fancy Bear has been linked to Russia’s covert military intelligence agency on occasion and is believed to be the operating force behind last years Democratic National Convention hack.

Fancy Bear has been conducting cyber espionage since at least 2007, breaching NATO, Obama’s White House, a French television station, the World Anti-Doping Agency and countless NGOs, and militaries and civilian agencies in Europe, Central Asia  and the Caucasus.  Fancy Bear’s most notorious intrusions targeted the Democratic National Committee and the Hillary Clinton campaign last year, as part of Moscow’s efforts to help Donald Trump win the White House, according to U.S. intelligence findings.

However, unlike in the movies, battling Fancy Bear hackers won’t put Microsoft behind a monitor and keyboard chasing code across command prompt screens.

Instead, as The Daily Beast is reporting, Microsoft has been slowly building a legal case to bring Fancy Bear into court for reserving domain names that infringed on the company’s trademark. Admittedly, less thrilling than glamorized cyber terrorism seen on screen, Microsoft’s approach has already produced substantive results.

As of The Daily Beast’s reporting, Microsoft has managed to seize roughly 70 Fancy Bear domains used to conduct presumably nefarious acts such as injecting malware on computers and proliferating the spread of fake news onto social media sites.

Furthermore, seized domains allow Microsoft an interception point as Fancy Bear’s server network relays information to now Microsoft controlled domains. Microsoft’s ability to become the man in the middle now enables the company jump in and disrupt future foreign attacks or hacks when observed.

In other words,” Microsoft outside counsel Sten Jenson explained in a court filing last year,  “any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server.”

As an embattled and courtroom tested company Microsoft’s approach of legal seizure seems well within the company’s purview as well as seemingly coming as a bit of a surprise to the less legally resourceful methods of hackers.

It will be interesting to see how much damage Microsoft can inflict before the hackers alter their methods.

User forum

0 messages