{
	"id": "ce8a3e94-f9c6-4713-8dec-18d2501376dc",
	"created_at": "2026-04-06T00:16:32.938109Z",
	"updated_at": "2026-04-10T03:21:16.151781Z",
	"deleted_at": null,
	"sha1_hash": "c7bc5f16f46c075f665372e7b8327fab44f86d4f",
	"title": "Microsoft finds FoxBlade malware on Ukrainian systems, removes RT from Windows app store",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 36488,
	"plain_text": "Microsoft finds FoxBlade malware on Ukrainian systems, removes\r\nRT from Windows app store\r\nBy Jonathan Greig\r\nPublished: 2022-02-28 · Archived: 2026-04-05 21:43:48 UTC\r\nMicrosoft says it found a new malware package -- which it calls \"FoxBlade\" -- hours before Russia began its\r\ninvasion of Ukraine on February 24. \r\nIn a blog post, Microsoft president Brad Smith said it was coordinating its efforts to protect users in Ukraine with\r\nthe Ukrainian government, the European Union, European nations, the US government, NATO, and the United\r\nNations.\r\n\"Several hours before the launch of missiles or movement of tanks on February 24, Microsoft's Threat Intelligence\r\nCenter (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital\r\ninfrastructure. We immediately advised the Ukrainian government about the situation, including our identification\r\nof the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps\r\nto prevent the malware's success,\" Smith said. \r\n\"In recent days, we have provided threat intelligence and defensive suggestions to Ukrainian officials... This work\r\nis ongoing.\"\r\nSmith noted that the cyberattacks on Ukraine seen by Microsoft have been extremely targeted and not as wide-ranging as the 2017 NotPetya attack. \r\nBut Smith said Microsoft has seen recent cyberattacks on \"Ukrainian civilian digital targets, including the\r\nfinancial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector\r\norganizations and enterprises.\"\r\nMicrosoft has also told Ukraine's government about efforts to steal data from government sources, including\r\nhealthcare information, insurance data, transportation data, and other personally identifiable information. \r\nIn addition to its efforts to help Ukraine with cybersecurity measures, Microsoft said it is also taking steps \"to\r\nreduce the exposure of Russian state propaganda, as well to ensure our own platforms do not inadvertently fund\r\nthese operations.\"\r\n\"In accordance with the EU's recent decision, the Microsoft Start platform (including MSN.com) will not display\r\nany state-sponsored RT and Sputnik content. We are removing RT news apps from our Windows app store and\r\nfurther de-ranking these sites' search results on Bing so that it will only return RT and Sputnik links when a user\r\nclearly intends to navigate to those pages,\" Smith said.\r\n\"Finally, we are banning all advertisements from RT and Sputnik across our ad network and will not place any ads\r\nfrom our ad network on these sites.'\r\nhttps://www.zdnet.com/article/microsoft-finds-foxblade-malware-on-ukrainian-systems-removing-rt-from-windows-app-store/\r\nPage 1 of 2\n\n\"We are also focused as a company in protecting against state-sponsored disinformation campaigns, which have\r\nlong been commonplace in times of war. The past few days have seen kinetic warfare accompanied with a well-orchestrated battle ongoing in the information ecosystem where the ammunition is disinformation, undermining\r\ntruth and sowing seeds of discord and distrust. This requires decisive efforts across the tech sector – both\r\nindividually by companies and in partnership with others – as well as with governments, academia and civil\r\nsociety.\"\r\nSmith added that Microsoft is working with the International Committee of the Red Cross (ICRC) and multiple\r\nUN agencies on refugee support efforts. \r\nEditorial standards\r\nSource: https://www.zdnet.com/article/microsoft-finds-foxblade-malware-on-ukrainian-systems-removing-rt-from-windows-app-store/\r\nhttps://www.zdnet.com/article/microsoft-finds-foxblade-malware-on-ukrainian-systems-removing-rt-from-windows-app-store/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.zdnet.com/article/microsoft-finds-foxblade-malware-on-ukrainian-systems-removing-rt-from-windows-app-store/"
	],
	"report_names": [
		"microsoft-finds-foxblade-malware-on-ukrainian-systems-removing-rt-from-windows-app-store"
	],
	"threat_actors": [],
	"ts_created_at": 1775434592,
	"ts_updated_at": 1775791276,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c7bc5f16f46c075f665372e7b8327fab44f86d4f.pdf",
		"text": "https://archive.orkl.eu/c7bc5f16f46c075f665372e7b8327fab44f86d4f.txt",
		"img": "https://archive.orkl.eu/c7bc5f16f46c075f665372e7b8327fab44f86d4f.jpg"
	}
}