Microsoft says it found a new malicious package – which it calls “FoxBlade” – hours before Russia began its invasion of Ukraine on February 24.
In a blog postMicrosoft President Brad Smith said he was coordinating efforts to protect users in Ukraine with the Ukrainian government, the European Union, European countries, the US government, NATO and the United Nations.
“Several hours before the missile launch or tank movement on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new series of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure. We immediately informed the Ukrainian government of the situation, including our identification of the use of a new malware package (which we called FoxBlade) and provided technical advice on what steps to take to prevent the malware from succeeding said Smith.
“Over the past few days, we have been providing threat intelligence and defensive suggestions to Ukrainian officials… This work is ongoing.”
Smith noted that the cyberattacks on Ukraine seen by Microsoft have been extremely targeted and not as widespread as the 2017 NotPetya attack.
But Smith said Microsoft had recently witnessed cyberattacks against “Ukrainian civilian digital targets, including the financial sector, the agricultural sector, emergency response services, humanitarian relief efforts, and organizations and businesses across the country.” energy sector”.
Microsoft also notified the Ukrainian government of efforts to steal data from government sources, including health care information, insurance data, transportation data, and other personally identifiable information.
In addition to its efforts to help Ukraine with cybersecurity measures, Microsoft said it is also taking steps “to reduce exposure to Russian state propaganda, as well as to ensure that our own platforms do not fund these operations inadvertently”.
“In accordance with The recent EU decision, the Microsoft Start platform (including MSN.com) will not display any state-sponsored RT and Sputnik content. We’re removing RT news apps from our Windows app store and further downgrading search results for these sites on Bing so that it only returns RT and Sputnik links when a user clearly intends to browse to these pages,” Smith said.
“Finally, we prohibit all advertisements from RT and Sputnik on our ad network and will not place any advertisements from our ad network on these sites.”
“As a company, we are also focused on protecting against state-sponsored disinformation campaigns, which have long been commonplace in wartime. The past few days have seen kinetic warfare accompanied by well orchestrated ongoing in the information ecosystem where the ammunition is misinformation, undermining the truth and sowing the seeds of discord and mistrust.This requires decisive efforts across the entire tech sector – both individually by business and in partnership with others – as well as with governments, academia and civil society.”
Smith added that Microsoft is working with the International Committee of the Red Cross (ICRC) and several UN agencies on refugee support efforts.