New Blog Post | Destructive malware targeting Ukrainian organizations



Destructive malware targeting Ukrainian organizations - Microsoft Security Blog

Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022. Microsoft is aware of the ongoing geopolitical events in Ukraine and surrounding region and encourages organizations to use the information in this post to proactively protect from any malicious activity.

While our investigation is continuing, MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups. MSTIC assesses that the malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom.

1 Reply

@AshleyMartin Let do let me know good malware & phising policy which we can setup in O365, so we can removed the other email gateways from infra and only use to receive email (incoming) from O365.

We wants to get rid of the email gateway if O365 have that kind of policy.

Mailflow  (Incoming) :  Internet >>> email gateway >>>O365 (hybrid)