While the White House mulls striking up a joint cyber program with Russia, an unlikely vigilante is taking care of business. As the Daily Beast reports, Microsoft has been waging a quiet war against the hacking entity known as Fancy Bear, which is believed to be associated with the GRU, Russia’s covert military intelligence agency.
The Daily Beast details how in 2016, Microsoft’s legal team sued Fancy Bear (also known by many other aliases) for reserving domain names that violated Microsoft trademarks. Apparently, in the course of claiming generic domains for its operations, Fancy Bear often selected domains that riff off of Microsoft products and services, inadvertently opening the door to the lawsuit.
While you can’t exactly drag an amorphous, faceless hacking group into court, the lawsuit served one key purpose: it hijacked some of Fancy Bear’s servers. In the last year, Microsoft has taken over at least 70 different Fancy Bear domains, many of which served as “command-and-control” points so the hackers could communicate with the malware they installed on targeted computers.
When a domain flips over into Microsoft’s hands, the company can use it to observe and map Fancy Bear’s server network, which communicates with the Microsoft domains. The result is that the company can indirectly disrupt and observe aspects of a suspected foreign intelligence operation — a pretty clever trick for a tech company to pull off in its spare time.