Russian hackers became notorious across the world following the cyberattacks against political groups during the 2016 US presidential election, but technology giant Microsoft has found a novel way of fighting back: reclaiming its hijacked web domains via the federal courts.
Moscow's state hackers have a wide variety of tools at their disposal to break into the computer networks of adversaries, but each operation is typically managed through fraudulent website domains that point to command-and-control (C&C) servers hosting malware.
As first reported by The Daily Beast, this is what Microsoft's tech-savvy experts are now targeting in an attempt to disrupt the clandestine activity of one Russian group, dubbed "Fancy Bear".
Since August 2016, the US company has reportedly used legal means to regain control of 70 C&C servers.
Fancy Bear, which numerous cybersecurity firms claim has links to Russian state interests, registers slightly misspelled domain names to fool victims into thinking they are real. These could include the likes of "livemicrosoft[.]net" or "micr0soft[.]com".
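A defender's check for lookalike domains of the kind described above, written as an added example for this article (it is not Microsoft's tooling). The brand list, allowlist and homoglyph table are assumptions; the check classifies each candidate as a homoglyph swap, a one-character misspelling, or a brand name embedded in a longer label.

```python
# Lookalike-domain check (constructed example; not Microsoft's tooling).
# Flags labels that embed, misspell or homoglyph-spoof a protected brand.

BRANDS = {"microsoft"}                     # brands we protect (assumption)
ALLOWLIST = {"microsoft.com", "live.com"}  # known-good domains (assumption)
# common digit/letter substitutions seen in typosquats (assumed table)
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def refang(domain: str) -> str:
    """Turn a defanged indicator like 'micr0soft[.]com' into a plain domain."""
    return domain.strip().lower().replace("[.]", ".").replace("(.)", ".")


def normalise(label: str) -> str:
    """Undo simple homoglyph substitutions before comparing to a brand."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str) -> str:
    """Return 'allowlisted', 'homoglyph', 'misspelling', 'embedded' or 'clean'."""
    domain = refang(domain)
    if domain in ALLOWLIST:
        return "allowlisted"
    label = domain.split(".")[0]  # assumption: first label is the registrable one
    for brand in BRANDS:
        if label != brand and normalise(label) == brand:
            return "homoglyph"
        if levenshtein(label, brand) == 1:
            return "misspelling"
        if brand in label or brand in normalise(label):
            return "embedded"
    return "clean"


def triage(candidates):
    """Run the check over candidate domains (e.g. new registrations from a feed)."""
    return {d: classify(d) for d in candidates}
```

Feeding newly registered domains from a passive-DNS or certificate-transparency feed into `triage` is the usual way to spot such registrations early.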
The legal filings show how Microsoft has argued that such domains are being used by hackers to directly harm its customers, in violation of the Computer Fraud and Abuse Act (CFAA). It has accused the group of everything from "cybersquatting" to trademark infringement.
Once control is taken back, Microsoft gains unprecedented access to the state group's infrastructure while protecting its customers from being compromised. As previously reported, Fancy Bear – also known as Strontium – targets governments, politicians, charities and large businesses.
The Daily Beast said that as Microsoft started to take back the domains, Fancy Bear quickly fought back by registering new names. The court filings show that Microsoft's legal team has been emailing the addresses the hackers used to register the domains, without receiving a response.
"Microsoft alleges that Defendants have violated Federal and state law by hosting a cybercriminal operation through these internet domains, causing unlawful intrusion into [...] computers and computing devices; and intellectual property violations," the legal complaint reads.
"Microsoft seeks a preliminary injunction directing the registries associated with these internet domains to take all steps necessary to disable access to [...] these internet domains to ensure that changes or access to the internet domains cannot be made absent a court order."
Microsoft does not specifically name Russia in its lawsuit, but refers to the defendants as Strontium, the name it has assigned to Fancy Bear. Last year, the group hit the headlines after allegedly infiltrating the US Democratic National Committee (DNC) and leaking emails.
Security experts said the approach could result in real disruption, as the domain seizures would increase the state hackers' operational costs. "The more that they have to redo their infrastructure, the better," Kyle Ehmke, a senior researcher at ThreatConnect, told The Daily Beast.
The US intelligence community has officially accused Russia of attempting to influence its election process in an attempt to discredit Democratic candidate Hillary Clinton and aid the ascent of her closest rival – and now-president – Donald Trump. It's a claim the Kremlin has denied.