New FoxBlade Malware Targeted Ukraine Hours Before Russia’s Attack, Microsoft Says
According to Researchers, the Newly Discovered Trojan Can Use Devices to Launch DDoS Attacks without the Owners’ Knowledge.
According to Microsoft, several hours before Russia invaded Ukraine on February 24th, the Eastern European country’s networks were targeted with newly discovered malware. The Microsoft Threat Intelligence Center (MSTIC) discovered a new malware strain called FoxBlade that was used in destructive attacks against Ukraine.
Microsoft President and Vice-Chair Brad Smith declared:
Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure.
We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware’s success.
He also stated that within three hours of finding the FoxBlade malware in the wild, the organization updated its Defender security platform with new signatures in order to block it.
In a Security Intelligence advisory issued on February 23rd, the tech corporation describes the malicious tool as a trojan that is able to use machines to conduct Distributed Denial-of-Service (DDoS) attacks without the owners’ knowledge.
Microsoft’s President and Vice-Chair also disclosed that these recently discovered and still active cyberattacks “have been precisely targeted.”
Ukraine Under Cyberattacks
The offensive cyberattacks spotted by Microsoft Threat Intelligence Center experts just before the Russian invasion came after a string of malware attacks that began in January 2021.
According to BleepingComputer, earlier this month, the recently found HermeticWiper malware was employed to attack Ukraine along with ransomware decoys in order to wipe data and render devices unbootable.
In January, another wave of malware attacks hit the country, this time using the WhisperGate wiper as a ransomware payload.
CISA and the FBI issued a warning over the weekend to US companies that data wiping attacks against Ukraine could spread to other countries, advising them to “increase vigilance” and strengthen their defenses.
On the same day, Ukraine’s Vice Prime Minister, Mykhailo Fedorov, announced the formation of an “IT army” to assist the country in “fighting on the cyber front.”
Before the Russian invasion, the Security Service of Ukraine (SSU) said it believed that Ukraine was being subjected to a hybrid warfare campaign meant to induce fear and weaken public faith in the government’s capacity to protect its population.
In an official statement, the SSU said that the domestic information arena is now undergoing an extraordinary impact unparalleled in history, and that attempts are being made to create fear throughout the country, propagate false information, and misrepresent the true state of events. This is nothing more than another enormous wave of hybrid warfare, all rolled into a single package.