Microsoft says it found a new malware package, known as FoxBlade, hours before Russia began its invasion of Ukraine on February 24. 


The company’s Threat Intelligence Center (MSTIC) says the malware detected is “destructive” and directed against Ukraine’s digital infrastructure. After detecting the malware, the MSTIC warned Ukraine of the attack and shared technical advice on preventing the malware’s success.


FoxBlade is a malicious trojan installed on systems to enable Distributed Denial of Service (DDoS) attacks, says Nathan Einwechter, Director of Security Research at Vectra. That means the malware isn’t deployed within the target environments, but is instead installed on as many targets as possible. “Once enough systems are under their control, the infected machines can be collectively controlled to knock the actual target (i.e., Ukrainian critical infrastructure) off the internet by flooding their public network connections with more traffic than they can handle,” Einwechter explains.


In recent days, Microsoft says it has provided threat intelligence and defensive suggestions to Ukrainian officials regarding attacks on various targets, including Ukrainian military institutions and manufacturers and several other Ukrainian government agencies. Primarily, Microsoft says it’s concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises.


These attacks on civilian targets “raise serious concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them,” Microsoft says. The company has advised the Ukrainian government about recent cyber efforts to steal a wide range of data, including health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets.