Microsoft Corp. has detailed a new form of malware that was used against targets in Ukraine in the hours before the start of the Russian invasion.
Dubbed “FoxBlade” by researchers at the Microsoft Threat Intelligence Center, the malware is described as a Trojan that can use computers for distributed denial-of-service attacks without the owners’ knowledge.
In a blog post, Microsoft President and Vice-Chair Brad Smith said that the malware was being used for offensive and destructive cyberattacks against Ukraine’s digital infrastructure.
“These recent and ongoing cyberattacks have been precisely targeted and we have not seen the use of the indiscriminate malware technology that spread across Ukraine’s economy and beyond its borders in the 2017 NotPetya attack,” Smith explained. “But we remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts and energy sector organizations and enterprises.”
The FoxBlade attacks were not the only cyber surprise to emerge from Russia. A joint cyber alert from the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has warned of two other new forms of malware being used against organizations in Ukraine.
The first, WhisperGate, was also discovered by researchers at Microsoft and is intended to be destructive, rendering targeted devices inoperable. The second, HermeticWiper, was discovered by researchers at SentinelOne Inc. and targets Windows devices. The malware manipulates the master boot record, resulting in a subsequent boot failure.
“It makes sense that Microsoft would observe an increase of cyberattacks targeting Ukraine in these last few days,” Hank Schless, senior manager, security solutions at endpoint-to-cloud security company Lookout Inc., told SiliconANGLE. “Even before the Russians invaded, there were a couple of attacks that seemed like tests before more advanced ones were launched. While there’s very little that’s been shared about FoxBlade, it sounds like Microsoft is suggesting that the actors behind its development created it for the purpose of targeting critical infrastructure in Ukraine.”
Schless added that there have also been reports of phishing campaigns targeting Ukrainians on social media platforms. “When there’s a level of uncertainty about something going on in the world, phishing can be one of the most effective tactics for attackers to use,” Schless explained. “Threat actors leverage our innate need for information against us by executing phishing campaigns across SMS, email, third party message platforms, and social media apps in particular.”
Nathan Einwechter, director of security research at cybersecurity company Vectra AI Inc., emphasized that FoxBlade is a malicious Trojan installed on systems to enable DDoS attacks.
“This means that the malware isn’t deployed within the target environments, but instead installed on as many targets of opportunities as possible,” Einwechter said. “Once enough systems are under their control, the infected machines can be collectively controlled to knock the actual target (i.e. Ukrainian critical infrastructure) off the internet by flooding their public network connections with more traffic than they can handle.”
“This is an important distinction, as it means that any individual or company may be a target of infection by FoxBlade and, consequently, used unwittingly to degrade internet access within Ukraine or other targets of Russian interest,” Einwechter added.
Photo: Max Pixel