Microsoft announced the discovery of a new wave of malicious and damaging cyberattacks. They revealed on Monday that a new malware package, known as FoxBlade, was launched hours before the Russian invasion. The malware targeted Ukraine’s digital infrastructure just hours before Russia started its first missile strikes last week.
According to the IT giant’s Threat Intelligence Center (MSTIC), the attacks entailed the use of a never-before-seen malware programme named FoxBlade. Following the detection of the malware, MSTIC alerted Ukraine to the attack and shared technical guidance on how to prevent the infection from succeeding. Microsoft also stated that it added new signatures to its Defender anti-malware service within three hours of the discovery to detect the attack.
About the FoxBlade malware
According to Nathan Einwechter, Director of Security Research at Vectra, FoxBlade is a malicious trojan installed on systems to enable Distributed Denial of Service (DDoS) attacks. This implies that the malware isn’t deployed within the target environments but installed on as many targets as possible.
According to Kaspersky researchers in November 2021, DDoS attacks surpassed tens of thousands per day in Q3 and were anticipated to rise further.
In addition to performing DDoS assaults, FoxBlade downloads and instals other programmes, including malware, onto victim systems. The trojan’s distribution appears to be aided by a second “downloader” module capable of collecting and installing malware on infected devices.
“Once enough systems are under their control,” Einwechter continues, “the infected machines may be collectively manipulated to knock the actual target (i.e., Ukrainian critical infrastructure) off the internet. This is achieved by flooding their public network connections with more data than they can handle.”
Microsoft has issued a Security Intelligence advisory regarding FoxBlade, a new trojan. The company has not disclosed technical information or details about how FoxBlade gains early access to targeted PCs. The advisory does, however, state that “this trojan can use your PC for distributed denial-of-service (DDoS) assaults without your awareness.”
Threat Intelligence assistance by Microsoft
Microsoft claims to have offered threat intelligence and defensive solutions to Ukrainian officials in recent days regarding attacks on a variety of targets. This includes Ukrainian military institutions and factories and several other Ukrainian government bodies.
Microsoft is particularly worried about recent cyberattacks on Ukrainian civilian digital targets, including the financial and agricultural sectors, emergency response services, humanitarian aid initiatives, and energy sector organisations and corporations.
According to Microsoft, these strikes on civilian targets “raise severe concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them.” The corporation has informed the Ukrainian government about recent cyber-attacks aimed at stealing a wide range of data, including personally identifiable information (PII) connected to health, insurance, transportation, and other official data sets.
Ongoing cyber assaults
The announcement comes as cyberattacks ranging from malicious data wipers to DDoS attacks continue to target the Ukrainian government and banking websites. Last week, Russia and Ukraine were targeted by a bombardment that featured the Conti ransomware group professing its pro-Russian stance. Following that, a pro-Ukraine Conti ransomware gang member leaked 13 months of the ransomware group’s communications, vowing more to follow.
Last week, ESET and Broadcom’s Symantec announced the discovery of HermeticWiper, a new data wiper malware that has been employed against hundreds of PCs in Ukraine.
WhisperGate, destructive wiper malware masquerading as ransomware, began targeting Ukrainian organisations on January 13.
The attacks continue, despite the fact that the United States Cybersecurity and Infrastructure Security Agency (CISA) has warned of such attacks being used beyond the country’s borders.
“These recent and ongoing intrusions have been specifically targeted, and we have not observed the deployment of the indiscriminate malware technology that spread across Ukraine’s economy and beyond its borders in the 2017 NotPetya attack,” said Brad Smith, President and Vice-Chair of Microsoft.
“Destructive malware can pose a direct threat to an organisation’s day-to-day operations, affecting the availability of essential assets and data,” according to CISA. “Further disruptive cyberattacks against Ukrainian organisations are anticipated and may mistakenly spread to organisations in other countries.”