News

Big Tech enters fight against Russia's multi-pronged cyber offensive

Microsoft, Google, Meta, and Twitter have implemented measures to help dampen the impact of Russia's cyber attacks on Ukraine

1 Mar 2022

.polaris__post-meta--date { display: none; } .polaris__post-meta--date.no-script { display: block; padding-left: 45px } 1 Mar 2022

Mockup of Silicon Valley in front of a random HQ building

Getty Images

Big tech companies including Microsoft, Google, Meta, and Twitter have all taken proactive measures to disrupt the cyber attacks on Ukraine coming from Russian and Belarusian actors across multiple fronts.

Microsoft announced on Monday that it had discovered a brand-new strain of malware targeting Ukraine called FoxBlade. Not much is known about the new strain as of yet, but it’s the third strain of malware that has been found to be targeting organisations in Ukraine and the second identified by Microsoft.

FoxBlade indicators of compromise (IoCs) were shared immediately with Ukraine and protections against the malware were added to Microsoft Defender within three hours of discovery, Microsoft said.

Previous strains targeting Ukraine include HermeticWiper and WhisperGate, the latter of which dates back to January. Both of these strains are classed as ‘destructive malware’, involving a process of infection and data wiping. Experts have previously identified increasing use of these data wipers and predict continued use throughout 2022.

Microsoft said the malware-based cyber attacks have mainly been “precisely targeted” ones, different from the indiscriminate 2017 NotPetya malware operation which also affected Ukraine.

The company has also implemented measures to stop the spread of disinformation - another core tactic deployed by Russia in cyber space.

Microsoft, along with other big tech giants, has targeted Russia Today (RT) and Sputnik, two of the most prominent state-sponsored media outlets in Russia, and placed restrictions on their global reach.

These included blocking all content on Microsoft Start platforms such as MSN.com, de-ranking Bing search results, and removing RT news apps from the Windows Store.

Meta also announced on Monday that it had taken down a coordinated network of individuals carrying out inauthentic behaviour on Facebook.

The network was run by people based in Russia and Ukraine, Meta said, and involved the running of fake news websites and creating false personas across a variety of social media platforms.

Related Resource

The best defence against ransomware

How ransomware is evolving and how to defend against it

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1633113875/itpro/Whitepaper%20covers/The_Best_Defence_Against_Ransomware.jpg { display: none !important; }

Free download

“Our investigation is ongoing, and so far we’ve found links between this network and another operation we removed in April 2020, which we then connected to individuals in Russia, the Donbas region in Ukraine and two media organizations in Crimea - NewsFront and SouthFront, now sanctioned by the US government,” said Meta.

Facebook’s parent company also said it observed the long-tracked Ghostwriter hacking group targeting Facebook users, trying to break into their accounts to share videos portraying Ukrainian soldiers as weak and surrendering to Russia.

Shane Huntley of Google’s Threat Analysis Group (TAG) said his team has been tracking Ghostwriter for longer than a year and most recently observed it launching phishing attacks against the Ukrainian government.

Regarding the second CIB campaign referenced - we have taken action and terminated several YouTube channels as part of our investigation. We link the activity to Russia. The channels had minimal engagement with less than 90 subscribers total. (2/3)
— Shane Huntley (@ShaneHuntley) February 28, 2022

Google has also blocked Russian state-backed media outlets from earning revenue on the YouTube platform, while also recommending their content to users less often, the company told Reuters on Saturday.

Separately, the EU announced that it is developing tools to ban the Kremlin’s “media machine” from spreading “lies” and “their toxic and harmful disinformation” to “justify Putin’s war”.

Twitter also said last week that it is “actively monitoring for risks associated with the conflict in Ukraine”, including disinformation campaigns, while announcing that it has suspended advertisements in Ukraine and Russia to ensure public service information is elevated.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1646933598/itpro/Whitepaper%20covers/build_a_hybrid_workplace_that_works_thumb.png { display: none !important; }

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1649690248/itpro/Whitepaper%20covers/digitalavertisingoraclethumbnail.png { display: none !important; }

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1649081528/itpro/Whitepaper%20covers/Ransomware_and_Microsoft_365_For_Business.png { display: none !important; }

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1651142968/itpro/Whitepaper%20covers/Building_A_Modern_Strategy_Thumbnail.jpg { display: none !important; }

Free Download