The U.S. District Court for the Eastern District of Western Virginia will enforce a permanent ban on the group’s use of malicious software or code to infect the company or its users’ systems, according to MSPowerUser. This is not just a case of hackers being given a slap on the wrist, as Microsoft is being empowered with special permissions to address the situation proactively.
Fancy Bear — otherwise known as Strontium, among other monikers — used several sites that purported themselves as official Microsoft domains, including www.microsoftinfo365.com and www.livemicrosoft.net. The company is being given legal permission to take “command and control” of these sites, in order to scrub them from the internet.
The sites were commonly used in phishing attacks that would attempt to procure the user’s personal credentials or install malicious software on their PC. By taking control of these domains, Microsoft should be able to make it much more difficult for Fancy Bear to carry out its illegal activities.
“Any time an infected computer attempts to contact a command and control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server,” explained Microsoft threat intelligence manager Jason Norton in a court filing submitted in August 2016. “While it is not possible to rule out the possibility that the Strontium defendants could use fallback mechanisms to evade the requested relief, redirecting this core subset of Strontium domains will directly disrupt current Strontium infrastructure, mitigating risk and injury to Microsoft and its customers.”
Work has already begun to get rid of these predatory sites, with more than 70 different command and control points being seized this month. However, this is a massive undertaking that will take some time to complete — Microsoft has identified thousands of domains that need to be addressed.
This is not the first time that Microsoft has had to deal with the actions of Fancy Bear. In November, the company accused the group of having taken advantage of a zero-day Flash and Windows kernel vulnerability to prey on its users.
Editors' Recommendations
- With 20,000 sites swallowed up, a botnet is eating WordPress alive
- The internet’s free-wheeling spirit is dying, and we have malware to thank
- Russian hackers are targeting U.S. emails with phishing malware
- Internet-connected hot tubs can be hacked and controlled remotely
- Sennheiser’s flawed headphone software is a Trojan horse hackers could exploit
