Microsoft says it began detecting “destructive cyberattacks directed against Ukraine’s digital infrastructure” several hours before the Russian military began launching missiles or moving tanks into the country last week.
The disclosure Monday, part of a larger blog post about Ukraine by Microsoft President Brad Smith, provides a glimpse of how cyber-warfare is being used as part of the ongoing invasion. The company says it is giving ongoing guidance to the Ukrainian government about cyberthreats as the situation unfolds.
Smith also outlined the company’s efforts to combat state-sponsored disinformation campaigns, ensuring that its platforms are not displaying or distributing any content or apps from Russia’s state-sponsored RT and Sputnik news organizations, in line with a recent European Union decision.
He wrote that there’s “a well-orchestrated battle ongoing in the information ecosystem where the ammunition is disinformation, undermining truth and sowing seeds of discord and distrust,” he wrote.
The cyberattacks, for their part, include a new malware package, which Microsoft calls FoxBlade. It’s a trojan that can surreptitiously use a victim’s PC for distributed denial of service attacks. Microsoft says it updated its Windows Defender anti-malware service to protect against FoxBlade within three hours of the discovery.
The attacks have been “precisely targeted,” not as widespread as in the 2017 NotPetya attacks against the country, Smith wrote. However, he added, Microsoft is “especially concerned” about cyberattacks against civilian targets in Ukraine, in areas including financial services, agriculture, emergence response, humanitarian aid, and the energy sector.
“These attacks on civilian targets raise serious concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them,” Smith wrote. “We have also advised the Ukrainian government about recent cyber efforts to steal a wide range of data, including health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets.”
Smith wrote that Microsoft is sharing “appropriate information” with NATO officials in Europe and America. The company has unique insights into cybersecurity threats due to the global scale of its technology, and its Microsoft’s Threat Intelligence Center operations.
“One of our principal and global responsibilities as a company is to help defend governments and countries from cyberattacks,” he wrote. However, he added, “it’s important to note that we are a company and not a government or a country.”