Microsoft says it uncovered a new malware strain in Ukraine hours before invasion began

Microsoft has revealed that it discovered a new malware strain just a few hours before Russia began its invasion of neighboring Ukraine.

In a new blog post, the software giant explained that one of its principal responsibilities as a software and cybersecurity company is to help defend both governments and countries from cyberattacks. As such, Microsoft has been paying close attention to the events going on in Ukraine.

Microsoft’s Threat Intelligence Center (MSTIC) has been monitoring the situation closely and several hours before Russia’s invasion of Ukraine began, it detected a new round of cyberattacks targeting the country’s digital infrastructure.

In addition to advising the Ukranian government on the matter, Microsoft’s security team identified the use of a new malware package, which it has dubbed FoxBlade, and provided technical advice on the steps needed to prevent falling victim to it. In fact, within three hours, signatures used to detect FoxBlade activity were added to Microsoft Defender to help defend against this new threat.

Precisely targeted cyberattacks

Over the course of the past few days, Microsoft has provided both threat intelligence and defensive suggestions to Ukrainian official regarding attacks on a range of targets including Ukrainian military institutions, manufacturers and several other government agencies.

According to Microsoft, these ongoing cyberattacks have been precisely targeted and the company hasn’t seen the use of indiscriminate malware technology across Ukraine’s economy and beyond its borders since the NotPetya attack in 2017.

The company also remains concerned regarding recent cyberattacks on civilian digital targets including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts and energy sector organizations in Ukraine. These attacks on civilian targets raise serious concerns under the Geneva Convention which is why Microsoft has shared all of the information it has on them with the Ukrainian government.

Besides cyberattacks, there have also been efforts to steal a wide range of data including health, insurance and transportation-related personally identifiable information (PII) from Ukrainian citizens.

We could potentially hear more from Microsoft on its cybersecurity efforts in Ukraine if cybercriminals and nation state hackers alike continue to target the country and its citizens.