Microsoft: Ukraine hit with new FoxBlade malware hours before invasion

by chebbi abir

Microsoft said that Ukrainian networks were targeted with newly found malware several hours before Russia’s invasion of Ukraine on February 24th.

Researchers with the Microsoft Threat Intelligence Center (MSTIC) observed destructive attacks targeting Ukraine and spotted a new malware strain they dubbed FoxBlade.

“Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure,” Microsoft President and Vice-Chair Brad Smith said.

“We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware’s success.”

Smith also said that the company updated its Defender security platform with new signatures to block the FoxBlade malware within three hours of discovering the malicious tool deployed in the wild.

Microsoft describes the malware in a Security Intelligence advisory published on February 23rd as a trojan that can use computers “for distributed denial-of-service (DDoS) attacks” without the owners’ knowledge.

These recently spotted and still active cyberattacks “have been precisely targeted,” Smith also revealed.

This contrasts to the indiscriminate malware assaults that impacted Ukraine’s and other countries’ economies during the 2017 NotPetya worldwide attack linked to a Russian GRU Main Intelligence Directorate hacking group known as Sandworm.

Ukrainian networks attacked with destructive malware

The offensive cyberattacks detected by MSTIC researchers right before the Russian invasion followed several other series of malware attacks since the start of 2021.

Earlier this month, newly discovered HermeticWiper malware was used to target Ukraine together with ransomware decoys to wipe data and render devices unbootable.

In January, the country was struck by another series of malware attacks deploying the WhisperGate wiper disguised as a ransomware payload.


Over the weekend, CISA and the FBI warned US organizations that the data wiping attacks against Ukraine could spill over to other countries, urging US orgs to “increase vigilance” and reinforce their defenses.

The same day, Ukraine’s Vice Prime Minister Mykhailo Fedorov also revealed the creation of an “IT army” to help the country “fight on the cyber front.”

Right before the war started, the Ukrainian Security Service (SSU) reported that Ukraine was being targeted by a “massive wave of hybrid warfare.”

To read the original article:



Interdit de copier  ce contenu