UPDATE: It’s worth noting that the malware Microsoft tracks as FoxBlade is the same as the data wiper that has been named HermeticWiper (aka KillDisk).

Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure hours before Russia launched its first missile strikes last week.

The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade, according to the tech giant’s Threat Intelligence Center (MSTIC), which noted that it added new signatures to its Defender anti-malware service to detect the exploit within three hours of the discovery.

“These recent and ongoing cyberattacks have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine’s economy and beyond its borders in the 2017 NotPetya attack,” Microsoft’s President and Vice Chair, Brad Smith, said.

Additional technical specifics pertaining to FoxBlade, including the mode of initial access, are not known, but Microsoft in a Security Intelligence advisory stated that “this trojan can use your PC for distributed denial-of-service (DDoS) attacks without your knowledge.”

What’s more, the delivery of the trojan appears to be facilitated by means of a second “downloader” module that’s capable of retrieving and installing the malware on the compromised machines.
