UPDATED 18:04 EST / JULY 21 2017

INFRA

Microsoft fights Russian hackers not with tech, but with lawyers

Russia has become a hotbed for cyberthreats over the years, but Microsoft Corp. thinks it has found a solution to the elusive Russian hackers: lawyers.

Microsoft has put its powerful legal resources toward fighting Fancy Bear, a cyberespionage group that is allegedly sponsored by the Russian government, The Daily Beast reported.

Microsoft filed a lawsuit last year against Fancy Bear, accusing the group of cyberintrusion and other crimes against the company. The hackers may never see the inside of a U.S. courtroom, but Microsoft is not actually interested in the individual attackers. According to the report, Microsoft has been slowly building a legal case against Fancy Bear in order to go after the group’s command-and-control servers, which Microsoft says is “the most vulnerable point” in the hacker group’s organization.

The command-and-control servers are essentially the master brains that control the computers that have been compromised by Fancy Bear’s malware. By going after the servers, Microsoft is trying to cut the head off Fancy Bear’s botnets and prevent the group from being able to access its resources. Through the lawsuit, Microsoft has reportedly been able to gain control of at least 70 of Fancy Bear’s command-and-control systems by taking over the domain names that route to them and redirecting the commands to a secure, Microsoft-controlled server.

Microsoft has had a few run-ins over the years with Fancy Bear, which the company refers to by the codename Strontium. Last year, for example, Microsoft exec Terry Myerson released a note saying that Fancy Bear used a zero-day exploit, or one that had not yet been discovered, in a Windows 10 update to run a low-volume spear-phishing campaign against Windows users. Spear-phishing involves sending emails to people that appear to come from people they know.

Microsoft is far from the only victim of the hacker group. Since at least 2007, Fancy Bear has reportedly been responsible for numerous attacks on government and corporate systems around the world, including multiple attacks on elections in the U.S., France, Germany and possibly other countries. Most notoriously, the group is also responsible for last year’s attacks on the Democratic National Committee.

In a security profile of Fancy Bear, Microsoft calls the group “a highly resilient threat,” and the company notes that Fancy Bear “isn’t choosy with its targets, [but] it is persistent.”

Microsoft has plenty of reason to go after Fancy Bear, as the group primarily targets Windows users through vulnerabilities in the operating system. This obviously looks bad for Microsoft, especially at the corporate level where compromised computers can expose customer information or take down vital company systems.

Although Microsoft has made some progress in taking down Fancy Bear’s servers, the company has so far been unsuccessful in tracking down any of the actual hackers.

Photo: Microsoft

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU