Last Wednesday, a few hours before Russian tanks began rolling into Ukraine, alarms went off inside Microsoft’s Threat Intelligence Center, just north of Seattle, warning of a never-before-seen piece of “wiper” malware that appeared aimed at Ukraine’s government ministries and financial institutions.
As reported in The NY Times, Tom Burt, a senior Microsoft executive who oversees the company’s effort to counter major cyberattacks, contacted Anne Neuberger, the White House’s deputy national security adviser for cyber- and emerging technologies. Ms. Neuberger asked if Microsoft would consider sharing details of the code with the Baltics, Poland and other European nations, out of fear that the malware would spread beyond Ukraine’s borders, crippling the military alliance or hitting West European banks.
Before midnight in Washington, Ms. Neuberger had made introductions — and Microsoft had begun playing the role that Ford Motor Company did in World War II, when the company converted automobile production lines to make Sherman tanks.
“We are a company and not a government or a country,” Brad Smith, Microsoft’s president, noted in a blog post issued by the company on Monday, describing the threats it was seeing. But the role it is playing, he made clear, is not a neutral one. He wrote about “constant and close coordination” with the Ukrainian government, as well as federal officials, the North Atlantic Treaty Organization and the European Union.
“I’ve never seen it work quite this way, or nearly this fast,” Mr. Burt said. “We are doing in hours now what, even a few years ago, would have taken weeks or months.”
Company executives, some newly armed with security clearances, are joining secure calls to hear an array of briefings organized by the National Security Agency and United States Cyber Command, along with British authorities, among others. But much of the actionable intelligence is being found by companies like Microsoft and Google, who can see what is flowing across their vast networks.
Meta, the parent company of Facebook, disclosed on Sunday that it had discovered hackers taking over accounts belonging to Ukrainian military officials and public figures. The hackers tried to use their access to these accounts to spread disinformation, posting videos that purported to show the Ukrainian military surrendering. Meta responded by locking down the accounts and alerting the users who had been targeted.
Twitter said it had found signs that hackers attempted to compromise accounts on its platform, and YouTube said it had removed five channels that posted videos used in the disinformation campaign.
Apple has paused sales of its products in Russia and is also disabling features in its maps app “as a safety and precautionary measure for Ukrainian citizens.”
Apple said it had removed two Russian state-run media platforms, Russia Today and Sputnik, from the Apple App Store outside Russia, stopped all exports into its Russian sales channel last week, and disabled both traffic and live incident features in its Apple Maps app in Ukraine.
Apple has also “limited” the use of Apple Pay “and other services” in Russia.
President Biden has stepped up his warnings to Russia against any sort of cyberattack on the United States.
“If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond,” Mr. Biden said.
“There’s a risk that whatever cybertools Russia uses in Ukraine don’t stay in Ukraine,” said Representative Adam B. Schiff, who leads the House Intelligence Committee, in an interview last week. “We’ve seen this before, where malware directed to a certain target gets released in the wild and then takes on a life of its own. So we could be the victim of Russian malware that has gone beyond its intended target.” [24×7]