When mischievous hackers cause trouble, the fix sometimes can't be conventional. Microsoft has proven that this week with its move to thwart the efforts of the Russian hacker group "Fancy Bear", whose members have not been unmasked. Fancy Bear was responsible for last year's DNC hack, although politics are not the reason why Microsoft got involved.
To make their traffic look as normal as possible, Fancy Bear's command-and-control infrastructure relies heavily on domain names meant to mimic Microsoft's own, e.g. "livemicrosoft.net". Often, control servers use bare IP addresses to avoid this issue, but because Fancy Bear chose to infringe on Microsoft's trademarks, it screwed itself over. Microsoft ordinarily wouldn't have had much control here, but when the domains use its trademarks, that changes everything.
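The detection angle for defenders is the same observation Microsoft's lawyers used: a brand name embedded in a domain that is not actually owned by the brand holder is a strong signal. The script below is an added example (not from the article, and not Microsoft's tooling) that scans constructed DNS query log lines for lookalike domains carrying the "microsoft" or "windows" token outside an assumed allowlist of legitimate registrable domains; the log format and allowlist are assumptions for the example.

```python
import re

# Legitimate registrable domains for the brand. This allowlist is constructed
# for the example and is not an official list from Microsoft.
LEGIT_DOMAINS = {"microsoft.com", "live.com", "windows.com"}

# Brand tokens that should not appear in someone else's second-level label.
BRAND_TOKENS = ("microsoft", "windows")

# Constructed sample DNS query log lines (not real traffic):
# "<timestamp> <client host> <query type> <queried name>"
SAMPLE_LOG = """\
2017-07-21T10:01:02Z host01 A login.microsoft.com
2017-07-21T10:01:05Z host02 A livemicrosoft.net
2017-07-21T10:02:11Z host03 A update.windows.com
2017-07-21T10:02:30Z host04 A microsoft-update.info
2017-07-21T10:03:00Z host05 A example.org
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def registrable_domain(fqdn):
    """Return the last two labels of a name (e.g. 'login.microsoft.com' -> 'microsoft.com').

    This is a deliberate simplification: it is correct for .com/.net/.info but
    wrong for multi-part public suffixes such as .co.uk, where a real public
    suffix list should be used instead.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_lookalike(fqdn):
    """True if the second-level label embeds a brand token but the
    registrable domain is not one of the legitimate brand domains."""
    reg = registrable_domain(fqdn)
    if reg in LEGIT_DOMAINS:
        return False
    second_level = reg.split(".")[0]
    return any(tok in second_level for tok in BRAND_TOKENS)


def find_lookalikes(log_text):
    """Parse log lines and return (timestamp, host, name) for each lookalike query."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash on them
        ts, host, _qtype, qname = m.groups()
        if is_lookalike(qname):
            hits.append((ts, host, qname))
    return hits


if __name__ == "__main__":
    for ts, host, name in find_lookalikes(SAMPLE_LOG):
        print(f"{ts} {host} queried brand-lookalike domain {name}")
```

On the constructed log this flags the queries from host02 and host04 and leaves the genuine microsoft.com and windows.com names alone. In production the allowlist should cover every registrable domain the brand actually owns, and `registrable_domain` should be backed by the public suffix list, otherwise names under suffixes like .co.uk are mis-split.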
Fancy Bear is assumed to be a Russian state-sponsored hacker group
Ultimately, Microsoft severely disrupted Fancy Bear's network by seizing over 70 domains. Microsoft will now be able to redirect these domains to servers it controls, while at the same time gaining insight into the people and organizations Fancy Bear has been targeting.
Even with its trademarks being infringed upon, Microsoft's journey here has not been easy. In total, it had to submit 52 subpoenas and 46 informal inquiries abroad, and it had to track down domain registrations that were heavily obfuscated through the use of Tor and even Bitcoin.
The best part in all of this is how much it disrupts Fancy Bear's work. The group will have to work around this severing, which won't happen quickly (or easily). Microsoft is being proactive, too, seeking approval to seize 9,000 domain names that its algorithms believe Fancy Bear will register next. Has this digital war been won? It's unfortunately far too early to tell, but it sure has gotten a lot more interesting.