Skip to main content

Microsoft says Ukraine conflict is 'the first hybrid war'

The Russian invasion of Ukraine was preceded by a wide-ranging cyberattack that signals the start of a whole new form of warfare, Microsoft’s President has said.

Speaking at the company’s Microsoft Envision event in London, Brad Smith revealed that it had been aware of potential attacks against Ukraine being launched shortly before the physical invasion took place.

The company was then able to gather its resources to not just crack down on the initial attacks, but help Ukrainian defenders organise a response to what Smith called “the first major hybrid war”.

Hybrid war

Harking back to the initial “ages” of war, which encompassed land, sea and air assaults respectively, Smith noted that warfare had now entered “a fourth plain”: cyber.

The company had three main responsibilities: sustaining a government, defending a nation, and protecting the people.

Smith outlined how up until one week before the war started, the Ukraine government was running entirely on-premise. As fears of an invasion grew though, Microsoft leapt into action and, “within days”, 16 of 17 government ministries and a number of key Ukrainian companies were moved to the cloud.

Importantly, Smith noted, this cloud was outside Ukraine for extra security - a move helped by the fact that Microsoft had spent $12 billion building datacentres across Europe.

“The best way to protect a country in a time of war is to ensure its continuity by dispersing its digital assets,” he said. “You are most safe when people don't know where your data is.”

Microsoft Envision Brad Smith

(Image credit: Future / Mike Moore)

Also ahead of a physical invasion, Smith noted that the conflict actually appeared to begin online as the Foxblade malware was launched against up to 300 Ukrainian targets.

“The first shells were fired in cyberspace,” he said, outlining how seven different units across three parts of the Russian government all began firing off attacks. Unlike the NotPetya attack utilized during the previous Russian invasion, these attacks were precisely targeted, using waves of wiper software to cripple Ukrainian infrastructure.

"As the war has gone on, what we've seen is not just a proliferation of attack, but sometimes a combination of attacks,” he noted, highlighting how Microsoft had detected 237 distinct operations and 40 destructive attacks targeting hundreds of systems ahead of physical attacks. The times between cyber and ground assaults had also shrunk down from days to hours and sometimes even minutes, he said, highlighting one cyberattack  that targeted a nuclear power plant, with a physical attack following within hours.

Microsoft Envision Brad Smith

(Image credit: Future / Mike Moore)

Looking forward, Smith noted that Microsoft’s role was now focusing on several fronts, including disrupting Russian disinformation, protecting people on the ground, and making sure there is accountability for war crimes committed during the conflict.

“We are going to need to develop the defensive capabilities to combat this kind of cyber attacks,” he declared.

"When we think about the war in Ukraine, when we think about what it takes to support and sustain that government...I think we should also think about what it means for our place in the many ways the gift given to us is being attacked.”

“We should all recognize that we are working together to support not only Ukraine, but the world.”

Source: TechRadar

Popular posts from this blog

Twitter has hidden the chronological feed on iOS again – and I'm furious

In a controversial move, Twitter has brought back a feature that removes the 'Latest Tweets' view for users on iOS, which is something that many users, including me, hated back in March 2022 – and it's now rolling out. The first time the company decided to do this, 'Home' would appear first in a tab at the top, and there was no way of changing it so that 'Latest Tweets' would be the default view. It was reverted back after the company said it was a 'bug' for iOS users. This time though, it's no bug. Instead, it's 'For You' and 'Following' where you can only swipe between them now, which doesn't make much sense for a platform where you're using the platform to keep up to date with who you follow. It's a bizarre change that makes me ask – who wants this, especially during a time when its new owner, Elon Musk, is bringing in and reversing changes almost every week still? This one change will have big consequenc

This new Linux malware floods machines with cryptominers and DDoS bots

Cybersecurity researchers have spotted a new Linux malware downloader that targets poorly defended Linux servers with cryptocurrency miners and DDoS IRC bots. Researchers from ASEC discovered the attack after the Shell Script Compiler (SHC) used to create the downloader was uploaded to VirusTotal. Apparently, Korean users were the ones uploading the SHC, and it’s Korean users who are targets, as well. Further analysis has shown that the threat actors are going after poorly defended Linux servers, brute-forcing their way into administrator accounts over SSH.  Mining Monero Once they make their way in, they’ll either install a cryptocurrency miner, or a DDoS IRC bot. The miner being deployed is XMRig, arguably the most popular cryptocurrency miner among hackers. It uses the computing power of a victim's endpoints to generate Monero, a privacy-oriented cryptocurrency whose transactions are seemingly impossible to track, and whose users are allegedly impossible to identify. Fo

Port of Lisbon hit by ransomware attack

One of Europe’s busiest seaports, the Port of Lisbon, has been hit with a ransomware attack that knocked some of its digital systems offline. "All safety protocols and response measures provided for this type of occurrence were quickly activated, the situation being monitored by the National Cybersecurity Center and the Judicial Police," a statement shared by the Port of Lisbon Administration (APL) with local media earlier this week said. The incident failed to impact the port’s operations, but did take its official website,, offline. LockBit taking responsibility "The Port of Lisbon Administration is working permanently and closely with all competent entities in order to guarantee the security of the systems and respective data," the statement concludes. While the company doesn’t explicitly say it was targeted with ransomware, the LockBit ransomware operator has added APL to its leaks website, taking responsibility for the hit.  The databas

Code-generating tools could be more of a security hindrance than help

New research by a group of Stanford-affiliated researchers has uncovered that code-generating AI tools such as Github Copilot can present more security risks than many users may realize. The study looked specifically at Codex, a product of OpenAI, of which Elon Musk is among the co-founders.  Codex powers the Microsoft-owned GitHub Copilot platform, which is designed to make coding easier and more accessible by translating natural language into code and suggesting changes based on contextual evidence. AI-coding problems Lead co-author of the study, Neil Perry, explains that “code-generating systems are currently not a replacement for human developers”. The study asked 47 developers of differing abilities to use Codex for security-related problems, using Python, JavaScript and C programming languages. It concluded that the participants who relied on Codex were more likely to write insecure code compared with a control group. Read more > These are the best laptops for progr