Microsoft identifies and mitigates new malware targeting Ukraine “within 3 hours”

Microsoft has been pushing harder to increase the baseline security features of Windows PCs for a couple of years now—the "secured-core PC" initiative launched back in 2019 was meant to guard against firmware-level attacks, and Windows 11's system requirements mandate support for many supported-but-optional security features from Windows 10. Microsoft justified these new requirements in part by pointing to the NotPetya data-wiping malware, which has widely been attributed to Russian hackers.

Regarding similar cyberattacks, a recent post from Microsoft President & Vice Chair Brad Smith details more about how the company is responding to the Russian invasion of Ukraine. According to the post, Microsoft was able to identify new wiper malware (dubbed "FoxBlade") and provided both mitigation strategies and updated Microsoft Defender definitions to the Ukrainian government "within three hours" of discovering it.

Reporting from The New York Times provides additional details of how Microsoft worked with US government agencies to distribute the FoxBlade fixes with other European countries to limit or prevent its potential spread. "I've never seen it work quite this way, or nearly this fast," Microsoft security VP Tom Burt told the Times of FoxBlade's mitigation efforts. "We are doing in hours now what, even a few years ago, would have taken weeks or months."

Beyond malware detection and mitigation, Microsoft is also combatting "state-sponsored disinformation" by removing content from Russian state media (including RT and Sputnik) from MSN.com and other Microsoft Start-powered services like Windows 11's Widgets menu. RT's apps have been removed from the Windows Store, and RT (formerly Russia Today) and Sputnik content is also being deprioritized in Bing search results. RT and Sputnik now only appear when users make a specific effort to search for them.

Microsoft says it will continue working with US and European government officials and updating its malware definitions to address new threats as it detects them.

"All this builds on our work in recent weeks and months to address escalating cyber activity against Ukrainian targets, including new forms of destructive malware that we previously have discussed publicly," writes Smith. "We will continue to share more detailed information publicly when we identify new malware that needs to be shared with the global security community."

Companies aren't the only nonstate actors involved in the Ukrainian invasion. Independent hackers have also taken down a series of Russian and Belarusian websites following calls for a formation of an "IT Army" by Ukraine's vice prime minister.