
Judge rules Fancy Bear APT must forfeit malicious domains to Microsoft

Microsoft v Fancy Bear

A federal district court judge in Eastern Virginia has granted Microsoft Corporation permission to seize domains that Russian APT group Fancy Bear has historically used to target the software giant and its users.

The default judgement, issued this week, also included a permanent injunction forbidding the threat actors from further engaging in cybercriminal activities against Microsoft. For obvious reasons, representatives from Fancy Bear or the GRU, the Russian intelligence agency to which the APT group is linked, did not appear in court to defend themselves. Microsoft originally filed its lawsuit last year against Fancy Bear, the same APT group that U.S. intelligence agencies have accused of interfering in the 2016 elections.

In his ruling, Judge Gerald Bruce Lee wrote that the defendants (officially referred to as John Does 1 and 2) are "permanently restrained and enjoined from... intentionally accessing and sending malicious software or code to Microsoft and the protected computers and operating systems of Microsoft and Microsoft's customers, without authorization, in order to infect those computers." Fancy Bear, which Microsoft calls Strontium, is also barred from compromising, spying on, or exfiltrating data from the networks of Microsoft customers, misappropriating Microsoft trademarks or Internet Domain addresses, and other malicious activity.

The injunction may in some ways prove a largely symbolic gesture, as Russia has shown little inclination to cease its hacking of U.S. companies, organizations and institutions. Still, the judge ordered any U.S. domain registries hosting any Strontium domains used to infringe on Microsoft trademarks or break into targeted computers and networks to transfer those domains to the permanent control of Microsoft, as well as to continue working with Microsoft to "ensure the redirection of the domains and to ensure that defendants cannot use them..."

Although domain registries located outside of the U.S. are not mandated to comply, the judge said that the court would "respectfully request" their cooperation as well.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
