Skip to main content

Microsoft wins court case against Russian hackers, can take over their servers

A hand on a laptop in a dark surrounding.
Microsoft scored a major legal victory that will hopefully allow it to take better care of its users’ online safety. A group of Russian hackers called Fancy Bear has been hit with a court injunction that forbids it from using the company’s trademarks or hacking systems running Windows.

The U.S. District Court for the Eastern District of Western Virginia will enforce a permanent ban on the group’s use of malicious software or code to infect the company or its users’ systems, according to MSPowerUser. This is not just a case of hackers being given a slap on the wrist, as Microsoft is being empowered with special permissions to address the situation proactively.

Fancy Bear — otherwise known as Strontium, among other monikers — used several sites that purported themselves as official Microsoft domains, including and The company is being given legal permission to take “command and control” of these sites, in order to scrub them from the internet.

The sites were commonly used in phishing attacks that would attempt to procure the user’s personal credentials or install malicious software on their PC. By taking control of these domains, Microsoft should be able to make it much more difficult for Fancy Bear to carry out its illegal activities.

“Any time an infected computer attempts to contact a command and control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server,” explained Microsoft threat intelligence manager Jason Norton in a court filing submitted in August 2016. “While it is not possible to rule out the possibility that the Strontium defendants could use fallback mechanisms to evade the requested relief, redirecting this core subset of Strontium domains will directly disrupt current Strontium infrastructure, mitigating risk and injury to Microsoft and its customers.”

Work has already begun to get rid of these predatory sites, with more than 70 different command and control points being seized this month. However, this is a massive undertaking that will take some time to complete — Microsoft has identified thousands of domains that need to be addressed.

This is not the first time that Microsoft has had to deal with the actions of Fancy Bear. In November, the company accused the group of having taken advantage of a zero-day Flash and Windows kernel vulnerability to prey on its users.

Editors' Recommendations