Microsoft has proven itself to be an unlikely vigilante in the ongoing international cyberespionage story. The company started out suing the hacking group Fancy Bear for using domain names that violated Microsoft's trademarks, and in doing so unearthed an extensive network of command-and-control servers.
Via domains such as 'livemicrosoft.net' or 'rsshotmail.com', hackers are able to communicate with malware installed on targeted computers. But once the domains are back under Microsoft's control they're redirected back from Russian servers, giving the company a bird's-eye view of Fancy Bear's server network. Since August, Microsoft has taken over 70 different command-and-control points from Fancy Bear using this lawsuit.