Big tech companies including Microsoft, Google, Meta, and Twitter have all taken proactive measures to disrupt the cyber attacks on Ukraine coming from Russian and Belarusian actors across multiple fronts.
Microsoft announced on Monday that it had discovered a brand-new strain of malware targeting Ukraine called FoxBlade. Not much is known about the new strain as of yet, but it’s the third strain of malware that has been found to be targeting organisations in Ukraine and the second identified by Microsoft.
FoxBlade indicators of compromise (IoCs) were shared immediately with Ukraine and protections against the malware were added to Microsoft Defender within three hours of discovery, Microsoft said.
Previous strains targeting Ukraine include HermeticWiper and WhisperGate, the latter of which dates back to January. Both of these strains are classed as ‘destructive malware’, involving a process of infection and data wiping. Experts have previously identified increasing use of these data wipers and predict continued use throughout 2022.
Microsoft said the malware-based cyber attacks have mainly been “precisely targeted” ones, different from the indiscriminate 2017 NotPetya malware operation which also affected Ukraine.
The company has also implemented measures to stop the spread of disinformation - another core tactic deployed by Russia in cyber space.
Microsoft, along with other big tech giants, has targeted Russia Today (RT) and Sputnik, two of the most prominent state-sponsored media outlets in Russia, and placed restrictions on their global reach.
These included blocking all content on Microsoft Start platforms such as MSN.com, de-ranking Bing search results, and removing RT news apps from the Windows Store.
Meta also announced on Monday that it had taken down a coordinated network of individuals carrying out inauthentic behaviour on Facebook.
The network was run by people based in Russia and Ukraine, Meta said, and involved the running of fake news websites and creating false personas across a variety of social media platforms.
The best defence against ransomware
How ransomware is evolving and how to defend against it
“Our investigation is ongoing, and so far we’ve found links between this network and another operation we removed in April 2020, which we then connected to individuals in Russia, the Donbas region in Ukraine and two media organizations in Crimea - NewsFront and SouthFront, now sanctioned by the US government,” said Meta.
Facebook’s parent company also said it observed the long-tracked Ghostwriter hacking group targeting Facebook users, trying to break into their accounts to share videos portraying Ukrainian soldiers as weak and surrendering to Russia.
Shane Huntley of Google’s Threat Analysis Group (TAG) said his team has been tracking Ghostwriter for longer than a year and most recently observed it launching phishing attacks against the Ukrainian government.
Google has also blocked Russian state-backed media outlets from earning revenue on the YouTube platform, while also recommending their content to users less often, the company told Reuters on Saturday.
Separately, the EU announced that it is developing tools to ban the Kremlin’s “media machine” from spreading “lies” and “their toxic and harmful disinformation” to “justify Putin’s war”.
Twitter also said last week that it is “actively monitoring for risks associated with the conflict in Ukraine”, including disinformation campaigns, while announcing that it has suspended advertisements in Ukraine and Russia to ensure public service information is elevated.
