Microsoft is Turning the Tables on Russian Hackers with Lawyers

Microsoft Launches Project Spartan Bounty

Microsoft is beginning counter measures against the alleged state-sponsored Russian hacking group known as Fancy Bear.

Linked with Russia’s covert military intelligence agency, Fancy Bear is commonly known for allegedly being the perpetrator of last year’s Democratic National Convention hack. According to the Daily Beast, the hacker group was sued in a federal court outside Washington DC by attorneys for software and technology giant Microsoft. The hacker group has been accused of computer intrusion, cybersquatting and infringing on Microsoft’s trademarks.

The lawsuit, the report describes, isn’t to get the hackers into court. Instead, the action is one wherein Microsoft is targeting the command-and-control servers belonging to the Russian hackers. Microsoft sees this as the “the most vulnerable point” in Fancy Bear’s espionage operations.

Indeed, Microsoft has already used the lawsuit to take control of 70 unique command-and-control points away from Fancy Bear. Rather than taking physical custody of the servers rented by Fancy Bear in data centers around the world, Microsoft has been busy accumulating the Internet domains that route the traffic to them. Addresses like “livemicrosoft[.]net” which are under the control of Fancy Bear for a mere $10 is now being redirected from Fancy Bear’s servers to Microsoft’s infrastructure. This gives Microsoft a direct, transparent line of sight of that servers’ network of malicious actors.

“In other words,” Microsoft outside counsel Sten Jenson said in a court filing last year, “any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server.”

Further, the report adds that Microsoft hasn’t explicitly mentioned Russia or Fancy Bear in its lawsuit, instead describing the hacker group as a “sophisticated and well-resourced organization.”

It remains to be seen how much longer Microsoft will continue to disrupt the malicious hacking groups’ operations before the latter change their tact.

Image credit: Wikimedia.