Redmond takes down Fancy Bear domains in court

Jul 21, 2017 07:24 GMT

Russian hackers have become a major concern for the United States, and Microsoft itself is also trying to develop more advanced protection systems for its customers, especially after the most recent WannaCry and Petya ransomware attacks.

But it looks like the software giant has actually been involved in a silent war for longer than we thought against Fancy Bear, which is one of the most notorious groups of hackers supposedly linked with Russia’s intelligence agency GRU.

A report from the Daily Beast reveals how Microsoft is trying to fight against Fancy Bear not with cyber weapons, but with a more conventional method using a weapon that every company out there has: lawyers.

It turns out that Microsoft has filed several lawsuits against Fancy Bear, and although at first glance this seems to be a waste of time and resources because you can’t fight against an invisible enemy, Redmond has one big goal in mind: to receive permission to take down the domains used by the hackers to launch attacks.

Why taking down the domains makes sense

Specifically, the command and control servers that Fancy Bear hackers use in their attacks, and which Microsoft describes as “the most vulnerable point” of the group, are rendered obsolete after the company takes control of the domains.

Shutting down the servers is substantially more difficult because hackers rent them from various data centers across the world, so instead, Microsoft takes down domains that are being used to direct traffic to these servers.

Microsoft finally got a reason to move the whole thing to court when Fancy Bear hackers started using domains violating its copyright, such as livemicrosoft[dot]net and rsshotmail[dot]com, so it filed complaints against no fewer than 70 different domains that were owned by the Russian group.

And that is not all. Microsoft not only takes down the domains, but also starts monitoring their activity, in an attempt to collect more evidence on Fancy Bear attacks and discover information that could help determine more details about the hackers and prevent further attacks.