Microsoft says it began detecting “destructive cyberattacks directed against Ukraine’s digital infrastructure” several hours before the Russian military began launching missiles or moving tanks into the country last week.
The disclosure Monday, part of a larger blog post about Ukraine by Microsoft President Brad Smith, provides a glimpse of how cyber-warfare is being used as part of the ongoing invasion. The company says it is giving ongoing guidance to the Ukrainian government about cyberthreats as the situation unfolds.
Microsoft says the attacks include the deployment of a new malware package, which it calls FoxBlade. It’s a trojan that can surreptitiously use a victim’s PC for distributed denial of service attacks. Microsoft says it updated its Windows Defender anti-malware service to protect against the malware within three hours of the discovery.
The attacks have been “precisely targeted,” not as widespread as in the 2017 NotPetya attack against the country, Smith wrote. However, Microsoft is “especially concerned” about cyberattacks against civilian targets in Ukraine, in areas including financial services, agriculture, emergence response, humanitarian aid and the energy sector.
“These attacks on civilian targets raise serious concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them,” Smith wrote. “We have also advised the Ukrainian government about recent cyber efforts to steal a wide range of data, including health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets.”
Smith says Microsoft is sharing “appropriate information” with NATO officials in Europe and America about the attacks.