Posted on March 4, 2022 at 7:47 PM

Microsoft Says Foxblade Trojan Hit Ukraine Few Hours Before Invasion

Microsoft reported that it discovered a new Trojan called FoxBlade used to target Ukraine hours before the Russian invasion on February 24.

President of Microsoft Brad Smith, in a blog post, stated that the company is coordinating its efforts with the Ukrainian government, European nations, NATO, the United Nations, and the U.S to offer more cyber protection to users in Ukraine.

The tech giant earlier reported on Monday that its Threat Intelligence Center (MSTIC) discovered cyberattacks against the digital infrastructure of the Ukrainian government hours before Russia started delivering its tanks and missiles in the country.

“We immediately advised the Ukrainian government about the situation,” Smith said, adding that Microsoft subsequently provided technical advice on how to prevent the impact of the malware. A few hours after the discovery, Microsoft added more protection to its Defender anti-malware service by adding signatures to the software. The FoxVlade malware is a novel Trojan, which makes it very dangerous since it has not been found in the wild before.

FoxBlade Is Capable Of Executing DDoS Attacks

Although the tech giant did not provide specifics or technical details, it explained certain features of the Trojan. According to the report, FoxBlade can take advantage of a flaw in a computer to hijack and use it for distributed denial of service (DDoS) attacks without the user’s knowledge.

DDoS attacks have been the most common form of cyber attacks in recent months. They topped thousands daily in the third quarter of 2021, according to a recent report submitted by Kaspersky researchers.

Foxblade Has Other Capabilities

Organizations and cyber security teams should not be only worried about FoxBlade’s potency in DDoS attacks. As has been observed by Microsoft, the Trojan can also download and install other programs into compromised systems.

Smith admitted that the cyberattacks have been “precisely targeted,” compared to the ransom malware splattered in the NotOetya attack in 2017, which targeted several companies all over the world, including in Ukraine.

The U.S. Department of Justice (DOJ), in 2020, charged six Russian nationals for the role they played in the Ukraine attacks as well as other related cyberattacks at that time.

As the Russian-Ukraine conflict continues, Smith is concerned about the wide-ranging cyber attacks aimed at Ukrainian civilian digital targets. Since the war began, the Ukrainian financial sector has been targeted, energy sector organizations, as well as emergency response services. He said Microsoft has shared details of the attacks with the Ukrainian government as it raises serious concerns under the Geneva Convention.

Microsoft has also discovered a new threat action against the Ukrainian government designed to steal personal identification information (PII) related to transportation, insurance, health, and other government data. The tech giant has also shared defensive strategies with Ukraine’s government to enable them to defend against attacks on financial and military institutions as well as other government agencies.

Ukraine Targeted With More Cyber Attacks

The latest FoxBlade malware revelation is coming as several waves of attacks continue to target both Russian and Ukrainian organizations. Last week, the Conti ransomware gang proclaimed that it’s pro-Russia. The group warned that it will not hesitate to use its full hacking capacity to target those looking to launch attacks on Russian critical infrastructure. As proof of the gang’s seriousness to pursue its threat, a Conti ransomware gang member released 13 months of ransomware group’s chats, promising to release more if the need arises.

At the same period, the notorious Anonymous ransomware group, through various accounts, warned Russia to end the war of risk facing full cyber assault and extensive DDoS attacks on its major infrastructure.

On a similar note, Broadcom’s Symantec and ESET stated that they discovered a new data wiper malware dubbed HermeticWiper. According to the report, the malware has targeted hundreds of systems in Ukraine. A malware sample discovered from their research showed that it was compiled on December 28. This suggests that the attack has already been prepared months ago.

Also, Ukrainian government websites and leading banks were hit by DDoS attacks, believed to be delivered by Russian-sponsored hackers. However, the Ukrainian government said it took care of the situation in record time.

Researchers also discovered a very potent wiper malware called WhisperGate on January 13, five weeks before the Russian invasion of Ukraine. The malware was discovered targeting Ukrainian organizations. According to analysts, the attack was probably part of an effort by the Russian government to undermine Ukrainian sovereignty.