WASHINGTON – Just hours before Russian tanks began entering Ukraine, an alarm went off inside Microsoft’s Threat Intelligence Center, warning of a never-before-seen piece of “wiper” malware aimed at the country’s government ministries and financial institutions.
Within three hours, Microsoft had thrown itself into the middle of a land war in Europe – 5,500 miles away. The threat center, north of Seattle, was on high alert, and it quickly isolated the malware, naming it “FoxBlade” and notifying Ukraine’s top cyber defense authority. Within three hours, Microsoft’s virus detection systems were updated to block the code, which erases – “wipes” – data on computers in a network.
Tom Burt, a senior Microsoft executive who oversees the company’s efforts to combat major cyber attacks, then approached Anne Neuberger, the White House Deputy National Security Adviser for cyber and emerging technology. Ms. Neuberger asked if Microsoft would consider sharing the details of the code with the Baltics, Poland and other European nations, fearing that the malware would spread beyond Ukraine’s borders, cripple military alliances or hit Western European banks.
Before midnight in Washington, Ms. Neuberger had made the introductions – and Microsoft had begun to play the role that Ford Motor Company played in World War II, when the company converted its automobile production lines to build Sherman tanks.
After years of discussions in Washington and tech circles about the need for public-private partnerships to combat destructive cyber attacks, the war in Ukraine is testing the system. Equipped with intelligence from the White House, the National Security Agency and the United States Cyber Command, it monitors classified briefings on Russia’s cyber-offensive plans. Even if the American intelligence agencies have noticed the crippling cyber attacks that someone – possibly Russian intelligence agencies or hackers – has thrown at the Ukrainian government, they still do not have the infrastructure to move fast enough to block them.
“We are a company and not a government or a country,” Brad Smith, president of Microsoft, noted in a blog post released by the company on Monday, describing the threats it was seeing. But the role it is playing, he made clear, is not neutral. He wrote about the “continuous and close coordination” with the Ukrainian government, as well as federal officials, the North Atlantic Treaty Organization and the European Union.
Mr. Burt said, “We’re doing it in hours now, which a few years ago would have taken weeks or months.”
The intelligence is flowing in many directions.
Company executives, some equipped with new security clearances, are joining secure calls to listen to a series of briefings organized by the National Security Agency and the United States Cyber Command, along with British authorities, among others. But companies like Microsoft and Google, which can see what is going on in their vast networks, are getting the most active intelligence.
Mr. Biden’s aides frequently point out that it was a private firm – Mandiant – that discovered the “SolarWinds” attack 15 months ago, in which one of Russia’s largest cybersecurity intelligence agencies, the SVR, infiltrated network management software used by thousands of US government agencies and private businesses. That gave the Russian government unfettered access.
Such attacks have given Russia a reputation as the most aggressive, and efficient, cyber power. But the surprise of recent days is that Russia’s activity in the region has become more muted than expected, the researchers said.
Most of the early tabletop exercises about a Russian invasion began with overwhelming cyber attacks, taking out the internet and possibly the power grid in Ukraine. So far, that hasn’t happened.
“Many people are very surprised that the overall campaign being carried out by Russia in Ukraine does not have a significant integration of cyber attacks,” said Shane Huntley, director of Google’s threat analysis group. “This is a business as common as most levels of Russian targeting.”
Mr. Huntley said Google regularly monitors some Russian attempts to hack people’s accounts in Ukraine. “Normal levels are never really zero,” he said. But those efforts have not grown significantly in the last few days, as Russia has invaded Ukraine.
“We have seen some Russian activity targeting Ukraine; they weren’t just big groups,” said Ben Read, director of security firm Mandiant.
It is not clear to American or European officials why Russia has held off.
It may be that they tried but the defense was stronger than they expected, or that the Russians wanted to reduce the risk of attacking civilian infrastructure so that the puppet government they had established would not struggle to rule the country.
But U.S. officials say a massive cyber attack by Russia on Ukraine – or beyond, in retaliation for the economic and technological sanctions imposed by the United States and Europe – is hardly off the table. Some speculate that as Moscow continues its indiscriminate bombing, it will try to create as much economic disruption as it can muster.
The longer and more effective the Ukrainian resistance against the Russian military, the more tempting it may be for Moscow to start using the “Armada of the Russian Cyber Forces,” Senator Mark Warner, the Virginia Democrat who heads the Senate Intelligence Committee, said in a recent interview.
Facebook’s parent company Meta revealed on Sunday that hackers had broken into the accounts of Ukrainian military officers and public figures. The hackers tried to use their access to these accounts to spread false information by posting videos allegedly showing Ukrainian soldiers surrendering. Meta responded by locking down accounts and warning targeted users.
Twitter said it had received indications that hackers had tried to tamper with accounts on its platform, and YouTube said it had removed five channels that had posted videos used in the false information campaign.
Meta executives said the Facebook hackers were linked to a group called Ghostwriter, which security researchers believe is linked to Belarus.
Ghostwriter is known for its strategy of hacking into the email accounts of individuals, then using that access to manipulate their social media accounts. The group has been “extremely active” in Ukraine for the past two months, said Mr. Read, who researches the group.
While U.S. officials do not currently see any direct threat to the United States from stepped-up Russian cyber operations, that calculation may change.
US and European sanctions are tougher than expected. Mr. Warner said Russia could “respond directly to cyber attacks against NATO countries or, more likely, to ransomware attacks on a large scale by freeing all Russian cybercriminals, which still allows them to deny some responsibility.”
Russian ransomware criminal gangs were arrested in the U.S. last year. Hospitals, a meat-processing company and, most notably, a company operating gasoline pipelines on the East Coast were hit by a series of devastating attacks. While Russia has taken steps in recent months to curb those groups – after months of meetings between Ms. Neuberger and her Russian counterpart, Moscow made several high-profile arrests in January – it could easily reverse its crackdown efforts.
But President Biden has stepped up his warnings to Russia against any cyber attack on the United States.
Mr. Biden said Thursday.
It was the third time Mr. Biden had issued such a warning since winning the election. While any Russian attack on the US looks like it would be a reckless escalation, Rep. Adam B. Schiff, a Democrat from California who heads the House Intelligence Committee, noted that Mr. Putin’s decision-making so far has been poor.
“There is a risk that whatever cyber tools Russia uses in Ukraine will not remain in Ukraine,” he said in an interview last week. “We’ve seen this before, where malware directed to a specific target is released into the jungle and then takes its own life. So we can be a victim of Russian malware that has gone beyond its intended target.”