“Putin’s Hackers Now Under Attack — From Microsoft”
“Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear. The company’s approach is indirect, but effective. Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them. These are addresses like “livemicrosoft[.]net” or “rsshotmail[.]com” that Fancy Bear registers under aliases for about $10 each. Once under Microsoft’s control, the domains get redirected from Russia’s servers to the company’s, cutting off the hackers from their victims, and giving Microsoft a omniscient view of that servers’ network of automated spies…
Neither Microsoft nor Fancy Bear responded to inquiries for this story. But Microsoft concludes in court filings that its efforts have had “significant impact” on Fancy Bear’s operations. By analyzing the traffic coming to its sinkhole, the company’s security experts have identified 122 new cyber espionage victims, whom it’s been alerting through Internet service providers. On Friday, the company is set to ask Magistrate Judge Theresa Carroll Buchanan for a final default judgment against Fancy Bear, and for a permanent injunction giving Microsoft ownership of the domains it’s seized.
The company is hunkering down for a long fight. “Defendants are persistent in their activities and are likely to attempt to maintain, rebuild, and even grow, their capabilities again and again,” wrote attorney Jenson last month. As part of its motion, Microsoft is asking for the court monitor to stay on indefinitely, with the company paying the bill, and is seeking an order that prospectively seizes from Fancy Bear a number of other Microsoft-themed domains that have never been registered, but which the company’s algorithms suggest the Kremlin’s hackers may use in the future”