FoxBlade Trojan Hit Ukraine Right Before The 24 Feb Devastating Russian Invasion

ATTACK Simulator
Mar 11, 2022

Microsoft discovered an attack using the FoxBlade malware that had compromised Ukrainian systems just hours before Russia’s massive and ruthless rain of missiles and tank swarms.

The company has not yet disclosed exactly how or when the systems were infiltrated.


Microsoft Catching The FoxBlade

“As tanks rolled into Ukraine, so did malware,” humanitarian author Andreas Harsono said.

On Monday, Microsoft reported it had spotted several cyberattacks against Ukraine hours before the Russian invasion on 24 February.

“Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure,” said Microsoft President and Vice-Chair Brad Smith.

“We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware’s success,” Smith added.

He also stated that Microsoft had already improved its Defender to spot the new malware.

The Novel Trojan Under The Hood

Although it did not share any details about how the new malware infiltrated the Ukrainian digital infrastructure, the tech giant explained that “This trojan can use your PC for distributed denial-of-service (DDoS) attacks without your knowledge.”

According to Microsoft, the trojan also downloads and installs other malicious software onto affected machines.

High-Precision Attacks

“These recent and ongoing cyberattacks have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine’s economy and beyond its borders in the 2017 NotPetya attack,” Microsoft wrote in its blog post. “But we remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises.”

Microsoft has shared threat intelligence and defensive techniques with Ukraine’s government so it could improve its protection against cyberattacks during these challenging times.


Microsoft Bans Russian Propaganda

The tech giant announced that it’s making efforts “to reduce the exposure of Russian state propaganda, as well to ensure our own platforms do not inadvertently fund these operations.”

“In accordance with the EU’s recent decision, the Microsoft Start platform (including will not display any state-sponsored RT and Sputnik content. We are removing RT news apps from our Windows app store and further de-ranking these sites’ search results on Bing so that it will only return RT and Sputnik links when a user clearly intends to navigate to those pages,” Smith said.

“Finally, we are banning all advertisements from RT and Sputnik across our ad network and will not place any ads from our ad network on these sites,” said Microsoft President and Vice-Chair Brad Smith.

“We are also focused as a company in protecting against state-sponsored disinformation campaigns, which have long been commonplace in times of war. The past few days have seen kinetic warfare accompanied with a well-orchestrated battle ongoing in the information ecosystem where the ammunition is disinformation, undermining truth and sowing seeds of discord and distrust. This requires decisive efforts across the tech sector — both individually by companies and in partnership with others — as well as with governments, academia and civil society,” the post read.

The company also announced Microsoft’s and the International Committee of the Red Cross’ (ICRC) ongoing joint efforts to help Ukrainian refugees who escaped the Russian invasion.


- Microsoft: Digital technology and the war in Ukraine
- Threatpost: Ukraine Hit with Novel ‘FoxBlade’ Trojan Hours Before Invasion
- ZDNet: Microsoft finds FoxBlade malware on Ukrainian systems, removes RT from Windows app store

