Microsoft gets domain names from state hackers through lawsuit


Through lawsuits, Microsoft has acquired domain names that state hackers allegedly used in their operations. Microsoft then points the domain names at its own servers, so that the state hackers lose a command-and-control (C&C) point.

Last year, Microsoft quietly filed a lawsuit against an “advanced organization that has good resources”. The term refers to state hackers, and The Daily Beast, which reports on the case, assumes that it concerns the Fancy Bear group, which acts on behalf of Russia. The group is accused of computer trespassing, cybersquatting and infringement of Microsoft trade names.

The group used domain names such as ‘livemicrosoft.net’ or ‘rsshotmail.com’ for the command-and-control servers in its hacking operations. Because the group focuses heavily on Windows and often uses names associated with Microsoft products, the software maker has a legitimate interest. By taking possession of the domain names, Microsoft can direct connections to its own servers. “Any time an infected computer tries to contact a command and control server through one of its domains, it will connect to a Microsoft-managed, secure server instead,” a Microsoft attorney said in the legal documents.

The first requests, which Microsoft submitted in July last year, involved 22 domain names. These included actbleus.com, which, according to security companies, Russian state hackers allegedly used to hack into Democratic party systems. The granting of Microsoft’s requests led to a cat-and-mouse game with the group, which kept registering new domain names.

In March of this year, the number of domain names in Microsoft’s hands stood at seventy, obtained through five additional requests. Despite its investigations of registrars, webmail providers, hosting companies and payment service providers, Microsoft was unable to identify the people who registered the domains. The subpoenas were sent by e-mail, but never got a response. Microsoft is now trying to have domain names assigned to it proactively when the group registers names that reference Microsoft. The company has prepared a list of 9,000 names that have a chance of being registered by the state hackers.
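
The two C&C domains quoted above, like the names Microsoft expects the group to register next, embed a Microsoft brand name in a domain the company did not own. As an added example (not from the article or from Microsoft), the Python sketch below scans DNS query logs for such names and lists which clients looked them up; the log format, the allowlist and the sample lines are constructed assumptions.

```python
from collections import defaultdict

# Brand tokens taken from the two example domains quoted in the article.
BRAND_TOKENS = ("microsoft", "hotmail")
# Assumption: a short allowlist of genuine Microsoft-owned registrable domains.
LEGIT_DOMAINS = {"microsoft.com", "hotmail.com", "live.com"}

# Constructed sample log: timestamp, client IP, queried name, record type.
SAMPLE_LOG = """\
2017-01-01T09:00:01Z 10.0.0.5 login.microsoft.com A
2017-01-01T09:00:02Z 10.0.0.7 livemicrosoft.net A
2017-01-01T09:00:03Z 10.0.0.7 cdn.rsshotmail.com A
2017-01-01T09:00:04Z 10.0.0.9 example.org A
2017-01-01T09:00:05Z 10.0.0.5 mail.hotmail.com AAAA
2017-01-01T09:00:06Z 10.0.0.8 LiveMicrosoft.net. A
"""

def registrable(name):
    """Return the last two labels, lower-cased, without a trailing dot.
    Simplification: multi-label suffixes such as co.uk are not handled."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def is_lookalike(name):
    """True if the registrable domain contains a brand token but is not
    one of the allowlisted genuine domains."""
    reg = registrable(name)
    if reg in LEGIT_DOMAINS:
        return False
    label = reg.split(".")[0].replace("-", "")
    return any(token in label for token in BRAND_TOKENS)

def clients_by_lookalike(log_text):
    """Map each brand-lookalike domain to the sorted clients that queried it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, qname, _ = fields
        if is_lookalike(qname):
            hits[registrable(qname)].add(client)
    return {domain: sorted(clients) for domain, clients in hits.items()}

if __name__ == "__main__":
    for domain, clients in sorted(clients_by_lookalike(SAMPLE_LOG).items()):
        print(domain, clients)
```

Clients that appear in the output are candidates for investigation, since a host resolving one of these names may be trying to reach a C&C server.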
