Security Experts:

Microsoft: Cyberattacks in Ukraine Hitting Civilian Digital Targets

Microsoft is calling attention to a surge in cyberattacks on Ukrainian civilian digital targets, warning that the new “digital war” includes destructive malware attacks on emergency response services and humanitarian aid efforts.

The Redmond, Wash. software giant said the attacks on civilian targets raise serious concerns under the Geneva Convention.

"We remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises," said Microsoft president Brad Smith.

"These attacks on civilian targets raise serious concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them," Smith said in a statement published Monday. 

[ READ: Symantec: Super-Stealthy 'Daxin' Backdoor is Chinese Threat Actor ]

"We have also advised the Ukrainian government about recent cyber efforts to steal a wide range of data, including health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets," he added.

The Microsoft vice chairman described the Russian invasion as “tragic, unlawful and unjustified” and said Redmond’s cybersecurity researchers detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure just a few hours before the February 24 invasion.

The new malware attack, dubbed FoxBlade, was aimed at a range of targets, including Ukrainian military institutions and manufacturers and several other Ukrainian government agencies.

[ READ: Predictions: SecurityWeek's 2022 Cybersecurity Outlook ]

"These recent and ongoing cyberattacks have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine's economy and beyond its borders in the 2017 NotPetya attack," Smith explained.

Microsoft is also moving to block content from Russia's state-owned media properties RT and Sputnik from its MSN.com and Microsoft Start platforms.

Redmond is also removing RT news apps from the Windows app store and de-ranking the company’s Bing search results so that it will only return RT and Sputnik links when a user clearly intends to navigate to those pages.

Smith said Microsoft is also banning all advertisements from RT and Sputnik across its ad network.

Late Monday, Twitter said it would put warnings on tweets that share links to Russian state-affiliated media.

Related: Symantec: Super-Stealthy 'Daxin' Backdoor Linked to Chinese Threat Actor

Related: Microsoft Spots Multiple Nation-State APTs Exploiting Log4j Flaw

Related: Microsoft Office Zero-Day Hit in Targeted Attacks

Related: Predictions: SecurityWeek's 2022 Cybersecurity Outlook

view counter
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. Ryan is a veteran cybersecurity strategist who has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series. Ryan's past career as a security journalist included bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive's ZDNet, PCMag and PC World. Ryan is a director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world. Follow Ryan on Twitter @ryanaraine.