ALEXANDRIA, Va. (CN) — In a federal complaint against a hacker collective, Microsoft charges that Strontium is a cyber-theft operation waging an international campaign of malware and virus attacks on public and private servers.
Strontium “specializes in targeting, hacking into, and stealing sensitive information from high-value computer networks,” according to the Aug. 3 complaint.
“Microsoft customers in both the private and public sectors, including businesses in a variety of industries, diplomatic institutions, political organizations, including military organizations in the United States, Europe and Asia” are the hackers’ primary focus, the complaint says.
For the defendants, making off with private user data appears to be a simple process. Microsoft’s attorneys claim that in almost every case, hackers send bogus emails to Microsoft account holders alerting them that a password change was needed.
At other times, the Trojan horse-type messages were perfect “examples of spear phishing emails,” the complaint said, where emails would “contain news information and ostensibly a link to the rest of the article that Strontium felt would be of interest to the recipient.”
Once the link is clicked, the user’s computer is then forcibly connected to a website controlled by Strontium, which is designed to infect the user’s computer. The complaint describes a “backdoor computing device” with multiple functions, through which “the attacker can deploy a large set of tools to perform tasks including key logging, email address and file harvesting, information gathering about local computing devices and remote communication” with other hacker servers.
Microsoft also charges that Strontium uses a component which is “designed to infect connected USB storage devices, so that information can be captured from air-gapped computers that are not on the network when a user transfers the USB device to the air-gapped computer and then back to the network again.”
An air-gapped computer is one that has not been connected to the internet at any time and as such remains isolated from unsecure networks.
Microsoft contends that in carrying out these malicious activities, the hackers have violated several elements of the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act and the Anti-Cybersquatting Consumer Protection Act.
In addition, the hackers broke a variety of trademark protections, Microsoft said.
The complaint claims the defendants used domain names that were purposefully similar to those of the plaintiff in order to fool potential victims into opening corrupted emails with virus-laden links. The phony domain names also helped the hackers avoid detection by Microsoft’s own team of internal anti-hacker trawlers.
According to the complaint, Strontium disguised itself further by “incorporating the names of domains and trademarks of many well-known companies and organizations including Intel, Adobe [and] AOL among others.”
Domain names meant to confuse users included securemicrosoftstatistic.com, microsoftcorpstatistic.com, microsoftdccenter.com, microsoftsecurepolicy.org, outlook-security.org, rsshotmail.com, onedrivemicrosoft.com and msmodule.com.
Why the hackers chose to name their collective “Strontium” is unknown, but could be relevant to their cause.
In addition to being a highly reactive metal, Strontium Dog was a long-running comic published in a British science fiction weekly magazine in the late 1970s. The comic told the story of a hyper-intelligent mutant bounty hunter who could use his powers to see through objects and use brainwave patterns to access private thoughts.
Microsoft seeks a declaratory judgment against the hackers asserting that they acted fraudulently, maliciously and only in order to enrich themselves as they harvested private data.
Microsoft also seeks permanent injunctive relief, forcing the defendants to return all of the illicitly obtained private information and hand over control of the domain names used in the scheme.
Microsoft attorney Sten Jensen did not immediately respond to calls seeking comment, and Microsoft spokesman David Cuddy said that no comments would be made on the record regarding this case at this time.