As Russian tanks rolled into Ukraine, so did its cyberwarfare. Anticipating Russia’s actions, Microsoft’s Threat Intelligence Center was already on high alert when it noticed a never-before-seen piece of malware called “Wiper” aimed at Ukraine’s government sites and financial institutions. Within hours, Microsoft was able to roll out a patch to block the code, which erases or “wipes” the data from computers. David Sanger, Julian Barnes, and Kate Conger of Boston.com write (abridged):
Last Wednesday, a few hours before Russian tanks began rolling into Ukraine, alarms went off inside Microsoft’s Threat Intelligence Center, warning of a never-before-seen piece of “wiper” malware that appeared aimed at the country’s government ministries and financial institutions.
Within three hours, Microsoft threw itself into the middle of a ground war in Europe — from 5,500 miles away. The threat center, north of Seattle, had been on high alert, and it quickly picked apart the malware, named it “FoxBlade” and notified Ukraine’s top cyberdefense authority. Within three hours, Microsoft’s virus detection systems had been updated to block the code, which erases — “wipes” — data on computers in a network.
Then Tom Burt, the senior Microsoft executive who oversees the company’s effort to counter major cyberattacks, contacted Anne Neuberger, the White House’s deputy national security adviser for cyber- and emerging technologies. Neuberger asked if Microsoft would consider sharing details of the code with the Baltics, Poland and other European nations, out of fear that the malware would spread beyond Ukraine’s borders, crippling the military alliance or hitting West European banks.
Before midnight in Washington, Neuberger had made introductions — and Microsoft had begun playing the role that Ford Motor Co. did in World War II, when the company converted automobile production lines to make Sherman tanks.
After years of discussions in Washington and in tech circles about the need for public-private partnerships to combat destructive cyberattacks, the war in Ukraine is stress-testing the system. The White House, armed with intelligence from the National Security Agency and United States Cyber Command, is overseeing classified briefings on Russia’s cyberoffensive plans. Even if U.S. intelligence agencies picked up on the kind of crippling cyberattacks that someone — presumably Russian intelligence agencies or hackers — threw at Ukraine’s government, they do not have the infrastructure to move that fast to block them.
“We are a company and not a government or a country,” Brad Smith, Microsoft’s president, noted in a blog post issued by the company Monday, describing the threats it was seeing. But the role it is playing, he made clear, is not a neutral one. He wrote about “constant and close coordination” with the Ukrainian government, as well as federal officials, the North Atlantic Treaty Organization and the European Union.
“I’ve never seen it work quite this way, or nearly this fast,” Burt said. “We are doing in hours now what, even a few years ago, would have taken weeks or months.”