All of us at Microsoft are closely following the tragic, illegal and unwarranted invasion of Ukraine. This has turned into a kinetic and digital war, with horrific images from all over Ukraine, as well as less visible cyberattacks on computer networks and Internet-based disinformation campaigns. We have received an increasing number of queries about these aspects and our work, and therefore we put in one place a brief summary about them in this blog. This includes four areas: protecting Ukraine from cyber attacks; protection against state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees.
To begin with, it is important to note that we are a company and not a government or a country. At times like this, it is especially important for us to work in consultation with those in government, and in this case our efforts have involved constant and close coordination with the government of Ukraine, as well as with the European Union, the nations European Unions, the United States government, NATO and the United Nations.
Protection against cyber attacks
One of our primary and global responsibilities as a company is to help defend governments and countries from cyber attacks. Rarely has this role been more important than during the past week in Ukraine, where the Ukrainian government and many other organizations and individuals are our clients.
Several hours before the missile launch or tank movement on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks targeting Ukraine’s digital infrastructure. We immediately informed the Ukrainian government of the situation, including our identification of the use of a new malware package (which we call FoxBlade), and provided technical advice on steps to prevent the success of the malware. (Within three hours of this discovery, signatures to detect this new exploit were written and added to our Defender antimalware service, which helped defend against this new threat.) In recent days, we have provided threat intelligence and defensive advice to Ukrainian officials regarding attacks against a variety of targets, including Ukrainian military institutions and manufacturers and various other Ukrainian government agencies. This work is in progress.
These recent and ongoing cyberattacks have been precisely targeted, and we have not seen the use of indiscriminate malware technology that spread through Ukraine’s economy and beyond its borders in the 2017 NotPetya attack. concerned about recent cyberattacks against Ukrainian civilian digital targets, including the financial sector, the agricultural sector, emergency response services, humanitarian aid efforts, and organizations and companies in the energy sector. These attacks on civilian targets raise serious concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them. We have also briefed the Ukrainian government on recent cyber efforts to steal a wide range of data, including personally identifiable information (PII) related to health, insurance, and transportation, as well as other sets of government data.
We also continue to share appropriate information with NATO officials in Europe and US officials in Washington. All of this builds on our work in recent weeks and months to address the escalation of cyber activity against Ukrainian targets, including new forms of destructive malware that we have previously discussed publicly. We will continue to share more detailed information publicly when we identify new malware that should be shared with the global security community. We will also continue to constantly update all Microsoft services, including our Defender antimalware service, to help protect against any potential spread of malware to other customers and countries. Our broader efforts to monitor cyber attacks continue and we will continue to advise Ukraine’s cyber defense officials and assist them with their defenses.
Protection against state-sponsored disinformation
As a company, we also focus on protection against state-sponsored disinformation campaigns, which have long been commonplace in times of war. The last few days have seen a kinetic warfare accompanied by a well-orchestrated ongoing battle in the information ecosystem where the ammunition is disinformation, undermining the truth and sowing seeds of discord and mistrust. This requires decisive efforts across the technology sector, both individually by companies and in partnership with others, as well as with governments, academia and civil society.
We are moving quickly to take further steps to reduce exposure to Russian state propaganda, as well as to ensure that our own platforms do not inadvertently fund these operations. In accordance with the recent EU decision, the Microsoft Start platform (including MSN.com) will not display any state-sponsored RT and Sputnik content. We are in the process of removing RT news apps from our Windows App Store and further removing search results for these sites from Bing so that it only returns RT and Sputnik links when a user intends to navigate to those sites. pages clearly. Finally, we prohibit all RT and Sputnik ads on our ad network and will not place any ads from our ad network on these sites.
We continue to closely monitor events and will make ongoing adjustments to strengthen our detection and disruption mechanisms to prevent the spread of disinformation and promote independent and trustworthy content.
Support for humanitarian aid
One of the tragic consequences of all wars is the impact on the civilian population, including individuals and families sheltering in place and displaced persons fleeing elsewhere in search of safety. The last few days in Ukraine have provided a visible reminder to the world of the human impact we work globally to help address in conflict zones around the world. Our Microsoft Philanthropy and UN Affairs teams work closely with the International Committee of the Red Cross (ICRC) and various UN agencies, and we have moved quickly to mobilize our resources to help people in Ukraine. .
We are committed to using our technology, skills, resources and voice to help humanitarian response efforts. Our initial and immediate focus has been on supporting humanitarian organizations like the ICRC, which do essential work to help refugees fleeing to neighboring countries. We also activated the Microsoft Disaster Response Team to provide technology support, and they are in frequent contact with additional first responders to provide assistance.
We also leverage other parts of Microsoft’s business to help the public find and support humanitarian organizations. Once again, we also encourage and see great generosity from our employees in the United States, across Europe, and around the world through the Microsoft Employee Giving Program. Employee donations, along with matching contributions from Microsoft, are currently focused on helping to provide funding to frontline nonprofits, including the ICRC, UNICEF and the Polish Humanitarian Association. We will continue to work across the company to mobilize additional resources as needed in the coming days and weeks.
Employee Protection
Microsoft has employees all over the world, including in Ukraine, Russia, and Eastern Europe. We also have many employees of Ukrainian and Russian origin who work in many other places, including Western Europe and the United States.
As we have witnessed in other recent conflicts, we see in our employees a common bond and a humanitarian spirit that crosses borders, longs for peace and cares about the well-being of others, regardless of the nation they were born in or the passport they hold. Every hour provides a powerful reminder that the darkest days can also bring out the best in people, whether it’s through ambitious efforts to protect against widespread cyberattacks or a small gesture of kindness from a person who asks what they can do. to help another.
Like other multinational companies, Microsoft is dedicated to protecting its employees. This is of obvious and vital importance to our employees in Ukraine, and includes the continued and extraordinary efforts of our teams to help our employees and families, including those who have had to flee for their lives or safety. It also includes our employees in Russia itself, who did not start this war and should not risk discrimination at home or abroad, whether because of their employer’s actions to protect others or because of the decisions of a government. that they do not control. We also remain closely focused on supporting our employees in the wider region, where we monitor the situation closely. As a company, we are always committed to the safe protection of our employees in every country, even when they live on opposite sides of a conflict-scarred border.
Looking to the future, it is clear that digital technology will play a vital role in both war and peace. Like so many others, we call for the restoration of peace, respect for the sovereignty of Ukraine and the protection of its people. We not only look to a future where digital technology is used to protect countries and peoples, but we will work towards it, helping us all bring out the best in each other.