Cyberattacks on Ukraine launched hours before Russian invasion, according to Microsoft

Sicherheit (Pexels, allgemeine Nutzung)[German]Microsoft has disclosed some information about cyberattacks on facilities in Ukraine as of February 28, 2022. According to the U.S. vendor, the cyberattacks began hours before Russian troops entered Ukraine, as they were detected via their own telemetry. Microsoft notified the government of Ukraine of these attacks and within three hours updated Microsoft Defender signatures to detect malware in use.


Advertising

Microsoft's president, Brad Smith, published the details of his findings in the blog post Digital technology and the war in Ukraine as of Feb. 28, 2022. Microsoft is helping governments in EU countries, Ukraine and also NATO with new cyber attack intelligence. 

According to Brad Smith, Microsoft's Threat Intelligence Center (MSTIC) detected a wave of cyberattacks on Feb. 24, 2022, the several hours before missiles and tanks were launched toward Ukraine. These were directed against Ukraine's digital infrastructure and were offensive and destructive in nature. Analysis revealed a new malware package that was sent during the attack. Microsoft calls the new malware FoxBlade.

Microsoft immediately informed the Ukrainian government of the cyberattack findings, and provided technical advice on how to prevent the successful installation of the malware. Within three hours of this discovery, signatures to detect this new exploit were written and added to Microsoft Defender's anti-malware engine. Defender then detected this malware and was able to prevent infection.

In recent days, Microsoft has provided Ukrainian authorities with threat intelligence and countermeasure proposals against a number of targets. These include Ukrainian military facilities and manufacturers, as well as several other Ukrainian government agencies. These recent and ongoing cyberattacks have been highly targeted. According to Microsoft, it did not use the indiscriminate malware technology that spread throughout the Ukrainian economy and beyond its borders in the 2017 NotPetya attack.

However, Brad Smith's blog post expresses particular concern about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture, emergency services, humanitarian relief efforts, and energy sector organizations and companies. These attacks on civilian targets are of serious concern under the Geneva Convention, and Microsoft has provided information to the Ukrainian government about each of these attacks.


Advertising

The Ukrainian government has also been provided information on recent cyberattacks through a wide range of data. This includes healthcare, insurance, transportation, and other government data sets. Related information has also been shared with NATO officials in Europe and U.S. officials in Washington.

Microsoft was able to build on the work it has done in recent weeks and months to combat escalating cyber activity against Ukrainian targets. This includes detecting and analyzing new forms of destructive malware, which has already been discussed publicly (see Massive cyberattack on websites in Ukraine & Wiper malware (Feb. 23, 2022)). However, Microsoft avoids naming names to those behind the cyberattacks in its article.


Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).