All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees.
At the outset, it’s important to note that we are a company and not a government or a country. In times like this, it’s especially important for us to work in consultation with those in government and, in this instance, our efforts have involved constant and close coordination with the Ukrainian government, as well as with the European Union, European nations, the U.S. government, NATO and the United Nations.
Protection from cyberattacks
One of our principal and global responsibilities as a company is to help defend governments and countries from cyberattacks. Seldom has this role been more important than during the past week in Ukraine, where the Ukrainian government and many other organizations and individuals are our customers.
Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure. We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware’s success. (Within three hours of this discovery, signatures to detect this new exploit had been written and added to our Defender anti-malware service, helping to defend against this new threat.) In recent days, we have provided threat intelligence and defensive suggestions to Ukrainian officials regarding attacks on a range of targets, including Ukrainian military institutions and manufacturers and several other Ukrainian government agencies. This work is ongoing.
These recent and ongoing cyberattacks have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine’s economy and beyond its borders in the 2017 NotPetya attack. But we remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises. These attacks on civilian targets raise serious concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them. We have also advised the Ukrainian government about recent cyber efforts to steal a wide range of data, including health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets.
We also continue to share appropriate information with NATO officials in Europe and American officials in Washington. All this builds on our work in recent weeks and months to address escalating cyber activity against Ukrainian targets, including new forms of destructive malware that we previously have discussed publicly. We will continue to share more detailed information publicly when we identify new malware that needs to be shared with the global security community. We will also continue to constantly update all of Microsoft’s services, including our anti-malware Defender service, to help protect against any potential spread of malware to other customers and countries. Our broader efforts to watch for cyberattacks is ongoing, and we will continue to advise Ukrainian cyber defense officials and assist them with their defenses.
Protection from state-sponsored disinformation
We are also focused as a company in protecting against state-sponsored disinformation campaigns, which have long been commonplace in times of war. The past few days have seen kinetic warfare accompanied with a well-orchestrated battle ongoing in the information ecosystem where the ammunition is disinformation, undermining truth and sowing seeds of discord and distrust. This requires decisive efforts across the tech sector – both individually by companies and in partnership with others – as well as with governments, academia and civil society.
We are moving swiftly to take new steps to reduce the exposure of Russian state propaganda, as well to ensure our own platforms do not inadvertently fund these operations. In accordance with the EU’s recent decision, the Microsoft Start platform (including MSN.com) will not display any state-sponsored RT and Sputnik content. We are removing RT news apps from our Windows app store and further de-ranking these sites’ search results on Bing so that it will only return RT and Sputnik links when a user clearly intends to navigate to those pages. Finally, we are banning all advertisements from RT and Sputnik across our ad network and will not place any ads from our ad network on these sites.
We are continuing to monitor events closely and will make ongoing adjustments to strengthen our detection and disruption mechanisms to avoid the spread of disinformation and promote instead independent and trusted content.
Support for humanitarian aid
One of the tragic consequences of all wars is the impact on the civilian population, including individuals and families that shelter in place and displaced peoples who flee elsewhere for safety. Recent days in Ukraine have provided a visible reminder to the world of the human impact that we work globally to help address in conflict zones around the world. Our Microsoft Philanthropies and UN Affairs teams work closely with the International Committee of the Red Cross (ICRC) and multiple UN agencies, and we have moved quickly to mobilize our resources to help the people in Ukraine.
We are committed to using our technology, skills, resources and voice to assist in humanitarian response efforts. Our initial and immediate focus has been on support for humanitarian organizations such as the ICRC that are doing critical work to help support refugees fleeing into neighboring countries. We have also activated the Microsoft Disaster Response Team to provide technology support, and they are in frequent touch with additional first responders to provide help.
We are also leveraging other parts of Microsoft’s business to help the public find and support humanitarian organizations. Once again, we are also encouraging and seeing an outpouring of generosity from our employees in the United States, across Europe and around the world through Microsoft’s employee giving program. Employee donations, together with Microsoft matching contributions, are currently focused on helping to provide funds to nonprofit organizations on the frontline, including the ICRC, UNICEF and Polish Humanitarian Action. We will continue to work across the company to mobilize additional resources as necessary in the coming days and weeks.
Protection of employees
Microsoft has employees located around the world, including in Ukraine, Russia and across eastern Europe. We also have many employees of both Ukrainian and Russian origin working in many other locations, including western Europe and the United States.
As we have witnessed in other recent conflicts, we see in our employees a common bond and humanitarian spirit that spans borders, longs for peace and cares about the welfare of each other regardless of the nation in which they were born or the passport they hold. Every hour provides a powerful reminder that the darkest of days can also bring out the best in people, whether through ambitious efforts to protect against broad cyberattacks or a small gesture of kindness by one person asking what they can do to help another.
Like other multinational companies, Microsoft is devoted to the protection of its employees. This is of obvious and vital importance for our employees in Ukraine itself, and it includes ongoing and extraordinary efforts by our teams to help our employees and families, including those who have needed to flee for their lives or safety. It also includes our employees in Russia itself, who did not start this war and should not risk discrimination inside or outside their nation either because of their employer’s actions to protect others or the decisions of a government they do not control. We also remain closely focused on support for our employees in the broader region, where we are monitoring the situation closely. As a company, we are always committed to the safe protection of our employees in every country, even when they live on opposite sides of a border marked by conflict.
As we look to the future, it’s apparent that digital technology will play a vital role in war and peace alike. Like so many others, we call for the restoration of peace, respect for Ukraine’s sovereignty and the protection of its people. We not only look toward but will work for a future where digital technology is used to protect countries and peoples, helping us all to bring out the best in each other.
Editor’s note: Please also check our additional blog post, ”Microsoft suspends new sales in Russia,” published on March 4.
Tags: cyberattacks, MSTIC, Ukraine