Microsoft is working with Ukraine to counter cyberattacks, but the company is stopping short of detailing any changes to its business operations in Russia.
With offices in both countries, Microsoft said on Feb 28 it is taking steps to protect its employees, support humanitarian aid, stop the spread of state-sponsored disinformation, and safeguard customers and countries from cyberattacks. The same day, Microsoft declined to answer questions on how – or if – it would make changes to its operations in Russia.
“As we look to the future, it’s apparent that digital technology will play a vital role in war and peace alike,” Microsoft President Brad Smith said in a blog post. “Like so many others, we call for the restoration of peace, respect for Ukraine’s sovereignty and the protection of its people.”
“We not only look toward but will work for a future where digital technology is used to protect countries and peoples, helping us all to bring out the best in each other.”
On Monday, Washington Gov. Jay Inslee directed state agencies to cut ties with Russia, and recommended that companies doing business in the state do the same. BP and Shell, which operate sprawling oil refineries in northwest Washington, both announced they plan to cut ties with Russia.
Microsoft has offices in both Kyiv and Moscow. Its Russian location serves customers in nine nearby countries. Russia was listed as a “source of raw material” for Microsoft devices’ supply chain in a 2020 report, alongside more than 90 other countries.
Microsoft declined to comment multiple times on questions about potential changes to its operations in Russia.
Also on Monday, Microsoft said it had detected a round of “offensive and destructive cyberattacks” against Ukraine’s digital infrastructure hours before the launch of missiles and movement of tanks Thursday.
It identified a new malware package – dubbed FoxBlade – and was able to help detect and defend against it within three hours, Smith said in the blog post.
Microsoft declined to say whether it had detected any additional cyber threats in the days following the FoxBlade attack against digital infrastructure in Ukraine or any similar threats in the US but said Monday the “work is ongoing”.
Cyberattacks against Ukrainian government websites and affiliated organisations have been working to disrupt operations in the country but, so far, Ukraine’s digital infrastructure appears to be holding up.
Data-wiping malware infected hundreds of computers in Ukraine and neighbouring Latvia and Lithuania, and a distributed-denial-of-service attack, which disrupts traffic to a server or network, temporarily knocked government websites offline last Wednesday.
The attacks targeted the financial, defense, aviation and information technology industries.
Microsoft said it remains especially concerned about attacks on “civilian digital targets”, including the financial, energy and agriculture sectors, emergency response services and humanitarian aid efforts. It also warned Ukrainian government agencies of efforts to steal government data sets and other records, like health, insurance and transportation-related personally identifiable information.
“We will continue to share more detailed information publicly when we identify new malware that needs to be shared with the global security community,” Smith said.
The company also said Monday it had activated its Microsoft Disaster Response Team to provide tech support and help humanitarian aid efforts. The Disaster Response Team, which has mobilised in the past to help following natural disasters like hurricanes Irma and Maria, offers information and communication technology expertise, partnership resources, and volunteer support.
To prevent the spread of misinformation, Microsoft said it was “de-ranking” search results on Bing from RT and Sputnik, media outlets funded and directed by Russia. It will ban ads from both sites and remove the RT news app from its Windows app store, as well as preventing any state-sponsored content from displaying on its Microsoft Start platform, including MSN.com.
YouTube and Meta, the parent company of Facebook, Instagram and WhatsApp, made similar announcements to restrict access to RT and Sputnik. The European Union is also banning Kremlin-backed media outlets on online platforms, apps and broadcast channels. – The Seattle Times/Tribune News Service