By: Ravie Lakshmanan
Update: It’s worth noting that the malware Microsoft tracks as FoxBlade is the same as the data wiper that’s been denominated HermeticWiper (aka KillDisk).
Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure hours before Russia launched its first missile strikes last week.
The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade, according to the tech giant’s Threat Intelligence Center (MSTIC), noting that it added new signatures to its Defender anti-malware service to detect the exploit within three hours of the discovery.
“These recent and ongoing cyberattacks have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine’s economy and beyond its borders in the 2017 NotPetya attack,” Microsoft’s President and Vice Chair, Brad Smith, said.
Additional technical specifics pertaining to FoxBlade, including the mode of initial access, are not known, but Microsoft in a Security Intelligence advisory stated that “this trojan can use your PC for distributed denial-of-service (DDoS) attacks without your knowledge.”
What’s more, the delivery of the trojan appears to be facilitated by means of a second “downloader” module that’s capable of retrieving and installing the malware on the compromised machines.
The disclosure comes as cyber assaults ranging from malicious data wipers to DDoS attacks have continued to rain down on Ukrainian government and banking websites, even as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of such attacks employed beyond the country’s borders.
“Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data,” CISA said. “Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries.”