US election hack: Microsoft wins latest round in court against Fancy Bear phishers

A US judge has banned the Fancy Bear hackers from attacking Microsoft's customers.
Written by Liam Tung, Contributing Writer


Microsoft has won its motion for a permanent injunction against the alleged Russian government hacking group known as Fancy Bear or APT28.

Fancy Bear is thought to be responsible for the hacks on the Democratic National Committee (DNC) during the US elections last year. US intelligence believes the group hacked the DNC and leaked emails to WikiLeaks to help Donald Trump win the election.

As The Daily Beast reported in July, Microsoft sued the hackers in a federal court last year, accusing them of hacking, cybersquatting, and infringing on Microsoft's trademarks.

The suit was not aimed at bringing the individuals behind Fancy Bear to court, but rather at seizing the domain names they used to control their malware on infected computers.

The domains the hackers registered included ones that look similar to Microsoft's real domains, such as livemicrosoft[.]net or rsshotmail[.]com.
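For defenders, names like these can be caught by checking whether a hostname embeds a brand token, or sits one edit away from it, without belonging to the brand owner. The sketch below is an added example, not code from Microsoft or the court filings; the brand list, the owned-domain list and the function names are constructed assumptions.

```python
# Added example (not from the article): flag hostnames that imitate a brand.
# BRANDS and OWNED are constructed sample values, not an official list.
BRANDS = ("microsoft", "hotmail", "outlook")
OWNED = ("microsoft.com", "hotmail.com", "outlook.com", "live.com")

def refang(domain):
    """Undo [.] defanging and normalise case and any trailing dot."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(domain):
    """Return (reason, brand) for a suspected lookalike, or None."""
    d = refang(domain)
    if any(d == o or d.endswith("." + o) for o in OWNED):
        return None  # the brand owner's own domain or a subdomain of it
    # Check every label except the TLD, so a brand placed in a subdomain
    # (for example 'microsoft.com.example.net') is also caught.
    for label in d.split(".")[:-1]:
        for brand in BRANDS:
            if brand in label:
                return ("embedded", brand)
            if edit_distance(label, brand) == 1:
                return ("typo", brand)
    return None

if __name__ == "__main__":
    samples = ("livemicrosoft[.]net", "rsshotmail[.]com",
               "login.microsoft.com", "micr0soft.com")  # last two are constructed
    for s in samples:
        print(s, classify(s))
```

A production check would resolve the registrable domain with a public suffix list and handle internationalised (punycode) names, which this sketch does not.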

US district judge Gerald Bruce Lee authorized Microsoft to take over dozens of these domains so that infected computers connect to Microsoft's servers instead of the attackers' machines.

Microsoft had also filed a motion for a permanent injunction against the Fancy Bear hackers, which the court ruled on yesterday in favor of Microsoft.

Judge Lee ruled that the hackers are "permanently restrained and enjoined" from sending malware to Microsoft's customers and from hacking computers to spy on users.

Microsoft had sued the hackers as John Doe and served papers to email addresses used to register the domains. Since the hackers never turned up to court proceedings, Microsoft was awarded victory by default.

The proposed default ruling on Microsoft's motion for a permanent injunction notes that Fancy Bear hackers are enjoined from using Microsoft's trademarks and internet addresses in a way that could result in deception of Microsoft's customers.

The injunction covers trademarks and brands like ActiveX, AppLocker, Azure, and Bing, as well as "confusingly similar variants".

Microsoft's suit against the Fancy Bear hackers uses tactics seen in earlier lawsuits it brought to take down massive botnets, including Rustock and Kelihos.

