Microsoft is using a different strategy in its battle against Fancy Bear, a hacking group that is believed to be connected to Russia’s intelligence agency GRU.
The tech giant is using lawyers—or more specifically a federal lawsuit—to identify new targets of the Russian government’s cyber spying operations as well as the group’s command-and-control servers, which are used to direct malware to victim computers, The Daily Beast reported.
Microsoft sued Fancy Bear last year in a federal court, alleging the hacking group infringed on the company’s trademarks as well as other accusations, including computer intrusion and cybersquatting.
Get Data Sheet, Fortune’s technology newsletter.
The Daily Beast details how the legal action was used to target and take control of 70 of Fancy Bear’s command-and-control servers.
Here’s how it Microsoft’s strategy worked: Fancy Bear rents servers from data centers. Microsoft (MSFT) was granted control over the Internet domain names that route to these servers. When an infected computer tries to contact one of the Russian hackers’ command-and-control servers through one of these domains, it’s instead routed to a Microsoft-controlled server, which gives the Redmond, Wash.-based company control as well as a view of this network of spies.
Fancy Bear is believed to be responsible for a number of cyber attacks, including on NATO, the Democratic National Committee, and German parliament. The hacking group, which Microsoft refers to in-house as Strontium, is just one of the many threats the software company is battling.
