Microsoft IDs FoxBlade Malware Attack Hours Before Russia's Invasion of Ukraine
Microsoft is not only voicing support for the Ukrainian people, it's also supplying what aid it can to the European country.
In a blog post on Monday, Microsoft President Brad Smith said that the company stands with Ukraine and is providing technological support to first responders, protecting its employees in the region, supporting humanitarian aid and protecting Ukraine from cyberattacks.
On this final action item, Smith discussed how Microsoft has been providing assistance even before the Russian invasion began late last week:
Several hours before the launch of missiles or movement of tanks on February 24, Microsoft's Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure. We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware's success.
Smith said that within hours of spotting the new malware package called FoxBlade, signatures to detect it in Microsoft Defender were added. Further, Microsoft has reached out to the Ukrainian officials on how to defend vital infrastructure from it and other state-sponsored malware attacks.
Microsoft said that unlike the high-profile NotPetya attack on Ukraine in 2017, this operation specifically targeted key infrastructure points. However, it will continue to keep a close eye out for wider-spreading attacks that could target Ukraine's financial sector.
Microsoft also briefed the Ukrainian government on recent cyberattacks, including January's spread of malware WhisperGate, which targeted Ukraine's health care, insurance and transportation sectors, as the wide range of leaked data could be used to leverage further attacks.
"Our broader efforts to watch for cyberattacks is ongoing, and we will continue to advise Ukrainian cyber defense officials and assist them with their defenses," said Smith.
Microsoft is also doing its part to limit the spread of state-sponsored propaganda and reduce avenues for Russia to profit on its platform. The Microsoft Start news aggregator service will curb the exposure of Russian state media. This includes removing the RT news app from the Windows app store, de-ranking Bing search results for RT and Sputnik (another state-sponsored media outlet) and blocking ads from Russian media outlets.
"The past few days have seen kinetic warfare accompanied with a well-orchestrated battle ongoing in the information ecosystem where the ammunition is disinformation, undermining truth and sowing seeds of discord and distrust," Smith wrote. "This requires decisive efforts across the tech sector -- both individually by companies and in partnership with others -- as well as with governments, academia and civil society."
On the humanitarian side, Microsoft said it has activated the Microsoft Disaster Response Team to help aid first responders with technology support and is working closely with the International Committee of the Red Cross (ICRC) to provide whatever is needed to aid the Ukrainian people. It's also matching all donations by employees to humanitarian groups currently on the ground, including ICRC, UNICEF and Polish Humanitarian Action.