New FoxBlade Malware Hit Ukraine Hours Before Invasion, Microsoft Says


March 01, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
New FoxBlade Malware Hit Ukraine Hours Before Invasion, Microsoft Says

Threat actors used a new malware strain against Ukrainian networks hours before the Russian invasion started on Feb. 24, according to Microsoft.

The company’s Threat Intelligence Center (MSTIC) noticed cyberattacks aimed at Ukraine and identified a novel type of malware they labeled FoxBlade.

“Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure,” said the company’s announcement.

As opposed to the 2017 NotPetya malware campaign that impacted the economy of Ukraine and several other countries, the recently observed attacks are very precise.

“These recent and ongoing cyberattacks have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine’s economy and beyond its borders in the 2017 NotPetya attack.”

A Security Intelligence advisory published by the company on Feb. 23 describes the malware as a trojan that can surreptitiously weaponize victims’ computers and use them in Distributed Denial of Service (DDoS) attacks.

Denial of Service (DoS) attacks are malicious attempts in which the perpetrator aims to knock individual or network resources offline by disrupting the services of a host connected to a network, usually by flooding it with excessive requests. A DDoS attack operates on the same principle; only the incoming traffic comes from several sources, making it difficult to block.

The FoxBlade attack isn’t the only recent cybersecurity incident involving Ukraine. Earlier this month, security experts discovered another novel malware strain dubbed HermeticWiper, paired with ransomware decoys to wipe data on compromised devices and render them unbootable.

Furthermore, cybercriminals seem to strive in this situation, as they ruthlessly deploy scam campaigns in the wake of Ukrainian refugees seeking shelter in neighboring countries. Ukrainian military personnel was also targeted by a major phishing campaign, according to a CERT-UA warning.

How Bitdefender is helping

Bitdefender & Romania National Cyber Security Directorate (DNSC) work together to keep you, your family and every citizen of Ukraine safe from digital threats with free cybersecurity protection during this time.

In partnership with the DNSC, Bitdefender is providing technical consulting, threat intelligence and both consumer and enterprise cybersecurity technology to any business, government institution or private citizen of Ukraine for as long as it is necessary.

Bitdefender is also providing cybersecurity technology free of charge for one year to any company or public entity from a NATO or European Union country who seeks to enhance their cybersecurity posture by replacing cybersecurity solutions that present trust concerns from a technical or geopolitical perspective.




Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

You might also like