Microsoft detected a malware in security systems of Ukraine, called FoxBlade. After intercepting the malware, the company went out of its way to upgrade systems e warn the highest cyber defense authority of Ukraine.
But why Russia has not yet responded heavily to the threats of cyberwar? Why is he holding back?
Microsoft and FoxBlade, a new “wiper” malware
After years of talk about the need for public-private partnerships to combat cyber attacks, the war in Ukraine is testing the system. On Wednesday, just hours before Russian tanks began to approach Ukraine, alarms went off inside Microsoft’s Threat Intelligence Center.
The systems detected a malware “wiper” never seen before.
Within three hours, Microsoft found itself in the middle of a cyberwar in Europe. The Threat Center, north of Seattle and in state of maximum alertquickly spotted the malware, called FoxBlade. He later notified the Ukraine’s highest cyber defense authority. Within three hours, Microsoft updated virus detection systems to block code, which wipes data on computers across a network.
Then Tom Burta senior Microsoft executive, contacted Anne Neuberger, Deputy National Security Advisor to the White House. Despite years of discussions about the need for public-private partnerships to combat destructive cyberattacks, the war in Ukraine is testing the system.
American intelligence agencies will also have detected the cyberattacks against the government of Ukraine. But unfortunately they do not have the right infrastructure to be able to block them immediately.
“We are a company and not a government or a country,” he noted Brad Smith, President of Microsoft, describing the threats he was seeing. But the role he’s playing, he made it clear, it is not neutral. He wrote of “constant and close coordination” with the Ukrainian government, as well as i federal officialsl’North Atlantic Treaty Organization and theEuropean Union.
Is Russia really a cyberpower?
Business executives participate in secure calls to listen briefings organized by the National Security Agency and from Cyber Command of the United States. However, companies like Microsoft and Google are the ones that find much of theusable intelligencejust because they can see what flows through their vast networks.
Mr. Biden’s aides often note that it was a private company – Mandiant – to have identified the “SolarWinds” attack 15 months ago. Here one of Russia’s most cybersavid intelligence agencies, the S.V.R.has infiltrated the network management software used by thousands of US government agencies e private companies.
This gave the Russian government unrestricted access to information.
Such attacks have given Russia a reputation as the “most aggressive cyberpower”. But the surprise of recent days is that Russia’s activity in this field has been quieter than expectedthe researchers said. Shane Huntley, the director of Google’s Threat Analysis Group, said:
Many people are quite surprised that there is no significant integration of cyber attacks into the general campaign that Russia is waging in Ukraine. This is mostly business as normal with regards to Russian targeting levels.
Mr. Huntley said Google regularly observes some Russian attempts to hack accounts of people in Ukraine. “The normal level is actually never zero,” she said. But these attempts they have not increased noticeably in recent days, as Russia invaded Ukraine.
“We have seen some Russian activity that has targeted Ukraine; it just wasn’t the big sets, ”said Ben Read, a director of security firm Mandiant.
It is not clear to American or European officials why Russia held back.
One possibility is that they have actually tried but that they found themselves in front of stronger than expected defenses. Or they just want reduce the risk of attacking civilian infrastructure. However, US officials said a massive cyberattack by Russia in Ukraine, or beyond, it’s hardly out of the question. Some speculate that just as Moscow intensifies its indiscriminate bombing, it will try to cause as many economic disruptions as possible.
Longer e more effectively the Ukrainian resistance stands against the Russian army, the more Moscow may be tempted to use “the army of the Russian cyber forces”. This is what Senator Mark Warner said.
Meta revealed on Sunday that he had discovered hackers taking control of accounts belonging to Ukrainian military officials e public figures. Hackers have exploited their access to these accounts for spreading disinformation, posting videos who claimed to show the surrender of the Ukrainian army. Meta replied blocking accounts and warning users.
Twitter he said he found signs that the hackers attempted to compromise accounts on its platform. YouTube instead said to you have removed five channels who posted videos used in the disinformation campaign.
Meta executives said the Facebook hackers were affiliated with a group known as Ghostwriter. Security researchers believe this group is associated with the Belarus. Ghostwriter is known for his email account hacking strategy. The group has been “heavily active” in Ukraine for the past two months.
Could the cards on the table change?
US officials at the moment they do not assess any direct threats to the country from the strengthening of Russian IT operations. However this calculation could change.
US and European sanctions are heavier than expected. Warner said Russia could respond “either with cyber attacks directed against NATO countries or, more likely, in effect by unleashing all Russian cybercriminals on ransomware attacks at a massive level that still allows them some deniability.”
Russian ransomware criminal groups led a devastating series of attacks in the United States. Over the past few months Russia has done what it can to rein in these groups but now he could easily change his mind.
However, President Biden has stepped up his warnings to Russia against any kind of cyberattack on the United States. “If Russia pursues cyberattacks against our companies, our critical infrastructures, we are ready to respond,” he said. Biden Thursday.
Any Russian attack on the United States appears to be a ‘reckless escalation. However, Rep. Adam B. Schiff noted that the decision process Putin has so far proved himself rare. Regarding this he stated:
There is a risk that any IT tools that Russia uses in Ukraine will not stay in Ukraine. We have already seen a similar situation where target-directed malware released in the wild then takes on a life of its own. We therefore risk falling victim to Russian malware that has gone beyond its intended target.