Microsoft said it began testing “destructive cyber attacks against Ukraine’s digital infrastructure” hours before the Russian military began firing missiles or mobile tanks into Ukraine last week.
Microsoft president Brad Smith revealed the news in a blog post on Ukraine released on Monday, giving us a glimpse of how cyber warfare is being used as part of an ongoing invasion. The company said that as the situation develops, it is providing continuous guidance to the Ukrainian government on cyber threats.
Smith also outlined the company’s efforts to combat state sponsored false information activities and ensure that its platform does not display or distribute any content or applications of Russian state sponsored RT and Sputnik news agencies, in line with a recent EU decision.
“There is a well planned battle going on in the information ecosystem, in which ammunition is false information, undermines the truth, and sows the seeds of discord and mistrust,” he wrote.
These cyber attacks include a new malware package that Microsoft calls foxblade. It is a Trojan horse that can secretly use the victim’s PC for distributed denial of service attacks. Microsoft said that within three hours after the discovery of foxblade, it updated the Windows Defender anti malware service to prevent foxblade.
Smith wrote that these attacks were “precise targets” and were not as common as the notpetya attack on the country in 2017. However, he added that Microsoft was “particularly concerned” about cyber attacks against civilian targets in Ukraine, involving the financial services, agriculture, emergency response, humanitarian assistance and energy sectors.
“According to the Geneva Convention, these attacks against civilian targets have aroused serious concern, and we have shared information on each attack with the Ukrainian government,” Smith wrote. “We also informed the Ukrainian government of the recent theft of a large amount of data on the Internet, including health, insurance and transportation related personal identification information (PII) and other government data sets.”
Smith wrote that Microsoft is sharing “appropriate information” with NATO officials in Europe and the United States. Due to the global scale of its technology and the operation of Microsoft Threat Intelligence Center, the company has a unique insight into network security threats.
“As a company, one of our main global responsibilities is to help protect governments and countries from cyber attacks,” he wrote. However, he added, “it is important to note that we are a company, not a government or country.”