Cyberwar: Microsoft Comes to Ukraine’s Aid Combating Russian Malware

Microsoft – and, apparently, HPC – have come to Ukraine’s aid in the cyber aspect of the Russian invasion.

Several hours before Russia began its assault on February 24, Microsoft’s Threat Intelligence Center (MSTIC), scanning the company’s vast network, detected a new round of offensive cyberattacks directed at Ukraine’s digital infrastructure, according to a blog by Microsoft President and Vice Chair Brad Smith.

MSTIC immediately advised the Ukrainian government about the situation, including the identification of a new malware package and technical advice on stymieing it.

“In recent days, we have provided threat intelligence and defensive suggestions to Ukrainian officials regarding attacks on a range of targets, including Ukrainian military institutions and manufacturers and several other Ukrainian government agencies,” Smith stated. “This work is ongoing.”

insideHPC asked Microsoft for information about MSTIC’s HPC-class compute infrastructure, but the company declined to comment.

However, a story in yesterday’s New York Times includes a quote with the earmarks of HPC from Tom Burt, Corporate Vice President, Customer Security & Trust. On MSTIC’s ability to detect and disseminate information about the source of cyberattacks, Burt said: “I’ve never seen it work quite this way, or nearly this fast. We are doing in hours now what, even a few years ago, would have taken weeks or months.”

Observers have noted that cyberattacks against Ukraine have played a relatively minor role in the Russian invasion so far. In the latest episode of the @HPCpodcast posted Monday on insideHPC, Richard Stiennon, cyber security industry analyst formerly of Gartner’s IT Security Research Practice, said the early stage of current-day offensive warfare typically begins with cyberattacks on the opponent’s communications capability and other critical infrastructure.

Stiennon speculated that Russia took a light approach to cyber possibly because it wanted to preserve Ukrainian infrastructure for its own later use. It also could be because Ukraine effectively defended itself against Russian attacks — in part with Microsoft’s help.

After detecting the malware, Microsoft’s threat center, located north of Seattle, analyzed it, gave it a name, “FoxBlade,” and notified Ukraine’s cyberdefense authority. “Within three hours, Microsoft’s virus detection systems had been updated to block the code, which erases — ‘wipes’ — data on computers in a network,” the Times reported.

Next step: Burt reached out to White House deputy national security adviser for cyber- and emerging technologies, Anne Neuberger, who asked Microsoft to share its findings with Baltic countries, Poland and other European nations out of concern the malware would spread outside of Ukraine and impair the military capabilities of NATO countries or damage western European banks.

“Before midnight in Washington, Neuberger had made introductions — and Microsoft had begun playing the role that Ford Motor Co. did in World War II, when the company converted automobile production lines to make Sherman tanks,” reported the Times.

In his blog, Smith stated that the cyberattacks directed at Ukraine, which he said are ongoing, “have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine’s economy and beyond its borders in … 2017…. But we remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises. These attacks on civilian targets raise serious concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them. We have also advised the Ukrainian government about recent cyber efforts to steal a wide range of data, including health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets.”

In another Russia-Ukraine cyberwar development, news aggregation site Vice reports on hacking of electric vehicle charge stations in Russia. “The chargers show … messages in Russian: ‘GLORY TO UKRAINE / GLORY TO THE HEROES / DEATH TO THE ENEMY,’” along with epithets directed at Vladimir Putin.