Fancy Bear is a specialized cyber espionage group, believed to be sponsored by the Russian government, and serves the political interests of the Russian government. While the most notorious exploit credited to them is the leaking of Hillary Clinton's emails to help gain traction for Donald Trump during the United States 2016 Elections.
The hacking group is known by other aliases such as: APT28, Pawn Storm, Sofacy Group, Sednit and STRONTIUM, albeit the name "Fancy Bear" didn't originate from the group, but was derived from a coding system that security researcher, Dmitri Alperovitch used to identify them.
Microsoft’s legal team had carried out several lawsuit against Fancy Bear for reserving domain names that violated Microsoft trademarks.
Fancy Bear, ironically has mostly targeted Windows with its malware, and has heavily related to Microsoft products when choosing domain names — thus giving Microsoft a ground in the lawsuit.
While a faceless group can’t be exactly dragged to court, the lawsuit served to grant Microsoft rights to help it hijack some of Fancy Bear’s servers. Which Microsoft was able to take over at least 70 different Fancy Bear domains, many of which serve as the “command-and-control” points.
Instead of getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them.
And Microsoft on gaining control, redirect the domains from Russia’s servers to the company’s, thereby cutting off the hackers from their victims, and giving Microsoft an absolute view of their automated servers’ network.
These servers act as spymasters in Russia’s cyber espionage, waiting patiently for contact from their malware agents in the field, then issuing encrypted instructions and accepting stolen documents.
