Author: Mathew J. Schwartz / Source: Bank Info Security
Anti-Malware , Breach Preparedness , Data Breach
To battle alleged Russian hackers, Microsoft has moved to strip them of the command-and-control domains they use to stage their attacks and exfiltrate data.
See Also: IoT is Happening Now: Are You Prepared?
To do so, however, Microsoft isn’t hunting the attackers down. Instead, it’s taking them to court.
“There’s an old saying that litigation is war by other means,” cybersecurity attorney Mark Rasch, who in 1991 created the Computer Crime Unit at the U.S. Department of Justice, tells Information Security Media Group.
Call it death by a thousand domain name seizures.
Here’s how it works: Microsoft last year launched a civil action again unnamed hacker “John Does” tied to the “internet-based cyber-theft operation referred to as ‘Strontium,'” according to recently unsealed court documents that have been helpfully released online by the technology giant.
Strontium – aka APT28, Fancy Bear, Pawn Storm, Sednit, Sofacy, and the Tsar Team – is the name of a group of cyber-espionage hackers who appear to be tied to the Russian government. The group has been connected to attacks related to the 2016 U.S. presidential election, the recent French elections, other governments, as well as NATO, among many others (see Tainted Leaks: Researchers Unravel Cyber-Espionage Attacks).
To disrupt the attack infrastructure used by the group, Microsoft alleges in court documents that Strontium has created command-and-control domains tied to its attacks, which often involve spear phishing, that are “designed to cause harm to Microsoft, its customers and licensees, and the public.” The technology giant is alleging that the attackers have violated a number of statutes, including the Computer Fraud and Abuse Act and the Electronic Communication Privacy Act. In a novel move, it’s also alleging trademark violations, and that the attackers have by imitating various Microsoft properties – including Windows, Outlook and OneDrive – in an effort to deceive users.
Microsoft says it’s attempted to notify Strontium via a range of email addresses that the group is known to use. And if the hackers want to contest the charges,…
Click here to read more