A federal district court judge in Eastern Virginia has granted Microsoft Corporation permission to seize domains that Russian APT group Fancy Bear has historically used to target the software giant and its users.
The default judgement, issued this week, also included a permanent injunction forbidding the threat actors from further engaging in cybercriminal activities against Microsoft. For obvious reasons, representatives from Fancy Bear or the GRU, the Russian intelligence agency to which the APT group is linked, did not appear in court to defend themselves. It was last year that Microsoft originally filed its lawsuit against Fancy Bear, the same APT group that U.S. intelligence agencies have accused of interfering in the 2016 elections.
In his ruling, Judge Gerald Bruce Lee wrote that the defendants (officially referred to as John Does 1 and 2) are "permanently restrained and enjoined from... intentionally accessing and sending malicious software or code to Microsoft and the protected computers and operating systems of Microsoft and Microsoft's customers, without authorization, in order to infect those computers." Fancy Bear, which Microsoft calls Strontium, is also barred from compromising, spying on, or exfiltrating data from the networks of Microsoft customers, misappropriating Microsoft trademarks or Internet Domain addresses, and other malicious activity.
The injunction may in some ways prove a largely symbolic gesture, as Russia has shown little inclination to cease its hacking of U.S. companies, organizations and institutions. Still, the judge ordered any U.S. domain registries hosting any Strontium domains used to infringe on Microsoft trademarks or break into targeted computers and networks to transfer those domains to the permanent control of Microsoft, as well as to continue working with Microsoft to "ensure the redirection of the domains and to ensure that defendants cannot use them..."
Although domain registries located outside of the U.S. are not mandated to comply, the judge said that the court would "respectfully request" their cooperation as well.