Microsoft Identifies and Disarms New Malware Targeting Ukraine ‘Within 3 Hours’

Microsoft has been working hard to improve the core security features of Windows PCs for several years now – the “secure PC core” initiative, launched back in 2019, was intended to protect against firmware-level attacks, and Windows 11 system requirements require support. for many of the supported but optional security features from Windows 10. Microsoft partially justified these new requirements by pointing out NotPetya data wipe malware, which many attribute to Russian hackers.

As for similar cyberattacks, a recent post by Microsoft President and Vice Chairman Brad Smith details how the company is responding to the Russian invasion of Ukraine. According to the post, Microsoft was able to identify the new Wiper malware (dubbed “FoxBlade”) and provided the Ukrainian government with both mitigation strategies and updated Microsoft Defender definitions “within three hours”of its discovery.

The New York Times report provides more details on how Microsoft worked with US government agencies to distribute FoxBlade patches to other European countries to limit or prevent its potential distribution. “I’ve never seen it work this or nearly this fast,”Microsoft VP of Security Tom Burt said in an interview with the Times about FoxBlade’s mitigation efforts. “Now we do things in hours that even a few years ago would have taken weeks or months.”

In addition to detecting and remediating malware, Microsoft is also combating “state-sponsored disinformation”by removing content from Russian state media (including RT and Sputnik) from MSN.com and other Microsoft Start services such as the Windows 11 Widgets menu. RT apps have been removed from the Windows Store, and RT (formerly Russia Today) and Sputnik content has also been deprioritized in Bing search results. RT and Sputnik now only appear when users make some effort to find them.

Microsoft says it will continue to work with US and European government officials and update its malware definitions to address new threats as they are discovered.

“All of this builds on our work in recent weeks and months to combat the escalation of cyber activity against Ukrainian targets, including new forms of disruptive malware that we have previously publicly discussed,” Smith writes. “We will continue to release more details as we discover new malware that needs to be shared with the global security community.”

Companies are not the only non-state actors involved in the Ukrainian invasion. Independent hackers also hacked into a number of Russian and Belarusian websites following calls by Ukraine’s Vice Prime Minister for the formation of an “IT army”.