Information Technology

If one event demonstrated how vulnerable organisations and infrastructure around the world are to software vulnerabilities, it was Log4j.The critical zero-day vulnerability in the Java logging library Apache Log4j enabled attackers to remotely execute code to gain access to devices and networks. And because the open-source software was embedded in a vast array of applications, services and enterprise software tools, it had the potential for widespread and long-term disruption.

No wonder director of US cybersecurity and infrastructure agency CISA Jen Easterly described the vulnerability as “one of the most serious that I’ve seen in my entire career, if not the most serious”.Security patches were quickly developed and organisations quickly moved to apply them, although the ubiquitous nature of Log4j’s open-source code means there will be software and applications out there which won’t receive the update, especially if nobody realises Log4j was part of the development process.Log4j is just one example of severe security vulnerabilities being uncovered in software that has been used for years – and it came 20 years on from when then-Microsoft boss Bill Gates issued his Trustworthy Computing memo, which urged Microsoft’s developers to produce more secure software after various bugs and security holes were uncovered in its operating systems and products.”Eventually, our software should be so fundamentally secure that customers never even worry about it,” wrote Gates.Two decades on, and while Microsoft Windows is generally regarded as a pretty secure operating system, when used correctly and security updates are applied, even Microsoft can’t escape critical vulnerabilities in the code. And more broadly there is still far too much insecure software around. Software has always shipped with bugs, but software and services have become ever more important to our everyday lives, making the potential impact of security vulnerabilities even more damaging. In many ways, software development hasn’t evolved to face this new reality: products are still rolled out, only for vulnerabilities — sometimes major ones — to be discovered much later. And when it involves a somewhat obscure component like Log4j, organisations might not even be certain if they’re affected or not.”Inherently, the way in which we do software development just lends itself towards bugs and defects,” says Rob Junker, CTO and head of software development teams at Code42, a software security company.”The accelerated pace of work that we live in contradicts most security teams’ best practices”.

Cybersecurity wants to make software secure, a process that needs investment, personnel and time. That often flies in the face of what companies who build software require: they want to make sure the code is functional and to get it out there as soon as possible, especially if new products or features are depending on it. SEE: A winning strategy for cybersecurity (ZDNet special report) The state of security is massively uneven across the industry, with pretty good security at some of the top vendors, but the vast majority — even ones that are very well funded — lacking basic security investments, says Katie Moussouris, CEO of Luta Security.”Unfortunately we we’ve seen an under investment in cybersecurity over the last 20 to 30 years,” she says.What companies need to do is ensure that cybersecurity is baked in from the very start and features as the building blocks of a software development program at every step of the way — that way all the risks and potential risks can be considered and acted upon before they become problems down the line.”If you think about how software is made and deployed and maintained, it’s a whole supply chain. And it starts out with when you’re designing software or you’re thinking about new features,” says Jonathan Knudsen, senior security strategist at Synopsys, a software security firm.”In the design phase, you have to be thinking about security, you have to do threat modelling or architectural risk assessments, so before you write any code you’re just thinking about how it’s going to work, and what it’s going to do — and how it could be attacked,” he added.SEE: Cybersecurity: Let’s get tactical (ZDNet special report)Bosses might be reluctant to spend the extra time and resources on ensuring code gets delivered securely, but in the long run, it should be the most effective approach, both in terms of cost and reputation. It’s safer to ensure the code is secure before it’s pushed out, rather than having to deliver a critical update later on, which might not even be applied by users.The problem is that many organisations are so used to a development model where speed is key, and the risks to them of producing poor code are seen as relatively low.

That could mean more hands-on intervention is needed in order to encourage secure code — and penalise those who wilfully ignore security issues.”In other industries where we have such a critical dependence we regulated those industries, but software has remained largely unregulated, so there’s no software liability laws,” says Moussouris.There has been some movement in this area: for example, the UK government has proposed legislation that will require Internet of Things device manufacturers to follow a set of software security rules before the products can be sold.However, government moves at a slower pace than the industry and even if the rules are enforced, there’s already plenty of IoT software out there that wouldn’t meet the requirements. But as organisations and individuals become more aware of cybersecurity issues, it could be the case that the market forces organisations to take software more seriously — leaving software developers who don’t think about security left behind.”Globally we’re getting more aware about software security, and so I think this is going to translate into buyers asking tougher questions from their builders,” says Knudson.It’s, therefore, vital for software developers, their customers and even society as a whole, that software security is taken seriously. Perhaps ‘move fast and fix things’ could be a new motto for developers to aspire to.MORE ON CYBERSECURITY More

A healthcare provider fell victim to two simultaneous cyber attacks by two separate ransomware gangs using different techniques to exploit unpatched security vulnerabilities in Microsoft Exchange Server at the same time, which even led to the second ransomware attack encrypting the ransom note left by the first. Detailed by cybersecurity researchers at Sophos, the cyber attacks against the undisclosed Canadian healthcare provider took place in early December 2021, although the investigation into the attacks revealed that the first intrusion into the network took place months beforehand in August. It’s likely that this first compromise was by an initial access broker, a cyber criminal who looks for vulnerabilities in networks, compromises them and sells access to others on underground forums. While both campaigns exploited ProxyShell vulnerabilities on Microsoft’s Exchange platform (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207), the two ransomware gangs went about it in different ways. The first ransomware group to reveal their attack, identified as Karma, accessed the network on November 30, connecting with an administrator account from a compromised workstation over Remote Desktop Protocol (RDP) functions. Then they used penetration testing tool Cobalt Strike and PowerShell beacons to help gain additional access to the compromised network. The Karma attackers also accessed the vulnerable server by RDP, in order to steal over 52GB of data before dropping a ransom note on over 20 computers on December 3. The cyber criminals noted they didn’t encrypt the machines because the victim was a healthcare organisation, but they demanded a ransom payment for the return of the stolen data.  SEE: Cybersecurity: Let’s get tactical (ZDNet special report)But while this was happening, the network was already compromised by a separate and unrelated cyber attack by Conti, one of the most notorious ransomware gangs, responsible for a string of high-profile attacks. Conti actually gained access to the network before Karma, dropping a ProxyShell exploit to gain access to the same server on November 25. The next stage followed on December 1 when an attacker used a hacked local administrator account to download and install Cobalt Strike beacons and execute PowerShell for lateral movement around the network and collecting data. The Conti attackers also exploited compromised RDP credentials in the next stage of the attack, to upload all the data stolen from the servers. Like Karma, this amounted to 52GB of files, which were uploaded to cloud storage. It’s after the data was stolen that the Conti ransomware payload was dropped from compromised servers, encrypting the healthcare organisation’s data a second time – including the earlier ransom notes left by Karma.  “To be hit by a dual ransomware attack is a nightmare scenario for any organisation. Across the estimated timeline there was a period of around four days when the Conti and Karma attackers were simultaneously active in the target’s network, moving around each other,” said Sean Gallagher, senior threat researcher at Sophos. Researchers haven’t publicly detailed how the ransomware attacks were resolved, but both Karma and Conti exploited vulnerabilities in Microsoft Exchange which emerged months ahead of the initial network compromise. If the organisation had been able to apply the relevant security updates in a more urgent manner, cyber criminals wouldn’t have been able to exploit Microsoft Exchange as an attack vector in the first place. Despite network monitoring and some malware protection in place, both sets of attackers were able to operate inside the network without being detected, a reminder that information security teams should be on the lookout for potentially suspicious behavior to help prevent fully fledged cyber incidents. “Defense-in-depth is vital for identifying and blocking attackers at any stage of the attack chain, while proactive, human-led threat hunting should investigate all potentially suspicious behavior, such as unexpected remote access service logins or the use of legitimate tools outside the normal pattern, as these could be early warning signs of an imminent ransomware attack,” said Gallagher. MORE ON CYBERSECURITY More

Ukraine has created what is describes as an “IT army” to defend against Russian hackers and to launch counter operations against cyber threats.Russia’s invasion of Ukraine has been accompanied by cyberattacks targeting the country’s services and infrastructure, including DDoS attacks and destructive wiper malware campaigns – leading to the Ukrainian government calling for volunteers to aid with cybersecurity. But it has also asked for support in conducting offensive cyber operations back at Russia.

ZDNet Recommends

“We are creating an IT army,” Mykhailo Fedorov, vice prime minister of Ukraine said in a tweet at the weekend. “There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists,” he added, alongside a Telegram link to join the ‘IT Army of Ukraine’, which now has tens of thousands of subscribers.SEE: Cybersecurity: Let’s get tactical (ZDNet special report)In addition to helping to protect Ukrainian critical infrastructure and services from attacks, supporters were provided with a list of websites of 31 Russian targets. They include organisations in both the state-backed and private sectors, including government agencies, banks, critical infrastructure and energy providers, including Gazprom and Lukoil, as well Russian email provider and search engine, Yandex. The list of targets is also being circulated in some underground forums.This IT army is just one of the online efforts taking place during the conflict; hacktivist collective Anonymous has said it is taking action in support of Ukraine and against Russia, while Russia-based cyber-criminal groups have also indicated that they’ll take offensive action in support of Vladimir Putin’s invasion.This includes the ransomware group Conti, which announced “full support of Russian government” and the intention to “strike back at the critical infrastructure of an enemy” in response to cyberattacks against Russia. A later statement by Conti claimed it doesn’t support any government, but it will strike back against the West and “American cyber aggression”. Conti has since seen many of its internal documents leaked in what appears to be another act of retaliation. Meanwhile, the BBC has also reported how Russian hackers – without direct orders from the state – are also attempting to hack Ukrainian websites and services.According to analysis by Check Point, there’s a 196% increase in cyberattacks targeting Ukraine’s government and military since Russia sent troops in last week. It’s likely that cyberattacks will continue in both directions, particularly as more and more people join Ukraine’s cyber army.”We’re now witnessing a concentrated attack to take down major websites and services in Russia and other surrounding countries, much like a community-driven effort. They have to deal with waves of DDoS attacks that are likely to worsen as time goes by,” says Silviu Stahie, a security analyst at Bitdefender.It’s much too early to understand the impact of any of these developments. Something on the scale of Ukraine’s IT army has never been tried before, so it’s hard to know what kind of impact it will have, although it may play an important part simply in rallying support in broader terms. 

Ukraine Crisis

There’s also the concern that civilians launching their own hacking attempts could have unexpected consequences. And the rise of offensive cyberattacks carried out by civilians raises a whole host of new questions – particularly as, in many countries, engaging in hacking is illegal.”Conducting or participating in cyberattacks, even in what could be considered a noble effort to support Ukraine against the Russian aggression and invasion, could be subject to how different countries interpret hacking laws,” says Jens Monrad, head of threat intelligence, EMEA, at Mandiant.”Another risk associated with this operation is how well each individual can protect themselves and how Russia might perceive it if they identify a foreign person suddenly hacking Russian targets,” says Monrad.SEE: A winning strategy for cybersecurity (ZDNet special report)There’s also the risk that cyberattacks, intentionally or not, could cause disruption outside Ukraine and Russia. As UK National Cyber Security Centre (NCSC) CEO Lindy Cameron commented recently: “Cyberattacks do not respect geographic boundaries”. International consensus also suggests the Russian military was behind the widespread and disruptive NotPetya malware attack of June 2017. The malware attack was designed to disrupt financial, energy and government sectors in Ukraine, but the malware spread to organisations around the world, costing an estimated billions of dollars in damages.”As a combat veteran, I’m in total awe of the courage of the Ukrainian people. While there are no specific threats to the US, we must be prepared for spillover effects of Russian cyber ops or an uptick in ransomware,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said on Twitter.CISA, along with the UK’s NCSC, are among those cybersecurity agencies that have published advice on defending against cyber threats. In this environment, organisations around the world would be wise to examine their cybersecurity defences – because what comes next could be unpredictable. MORE ON CYBERSECURITY More

Ukraine has requested major cryptocurrency exchanges restrict the activities of Russian account holders.  Mykhailo Fedorov, the Vice Prime Minister and Minister of Digital Transformation of Ukraine, tweeted the appeal on February 27, asking that “all major crypto exchanges block addresses of Russian users.”

Ukraine Crisis

“It’s crucial to freeze not only the addresses linked to Russian and Belarusian politicians but also to sabotage ordinary users,” Fedorov said.  Economic sanctions and the upcoming exclusion of some Russian banks from the global SWIFT financial system have already prompted concerns of a cash run in Russia. But crypto companies have so far not agreed with the Ukrainian request to block all Russian users. A Binance spokesperson told Reuters that the cryptocurrency exchange is “blocking accounts of those on the sanctions list (if they have Binance accounts) and ensuring that all sanctions are met in full.” Binance has no plans to extend the ban to typical Russian account holders.  Coinbase has refused the request and told Decrypt that “a unilateral and total ban would punish ordinary Russian citizens who are enduring historic currency destabilization as a result of their government’s aggression against a democratic neighbor.” However, the organization will comply with any future sanctions.  Jesse Powell, the co-founder & CEO of the Kraken cryptocurrency trading post, went further in a Twitter thread to explain the firm’s stance, in which the company “cannot freeze the accounts of our Russian clients without a legal requirement to do so.”  With that, he warned: “Russians should be aware that such a requirement could be imminent.” Powell also said that foreign states, such as the United States, could impose such sanctions “as a weapon to turn the Russian populace against its government’s policies.” DMarket, an NFT and metaverse platform originating from Ukraine, has taken a different stance. The startup says it has “cut all relationships with Russia and Belarus,” now prohibits sign-ups from these countries, and has frozen the assets of “previously registered users” in these countries.  Assets and skins have not been confiscated and remain in user accounts, but DMarket says “access to their use is currently limited.” The Russian Ruble has also been removed from the platform.  Fedorov applauded the decision, calling the organization “Nowadays Robin Hoods.” Cryptocurrency giants may not consider bans, but they are contributing to other efforts. Binance said it would donate $10 million to humanitarian efforts in Ukraine, and Crypto.com has made a $1 million donation to the Red Cross. “We urge our community to do what they can to support humanitarian efforts,” Crypto.com said.  In related news, Fedorov published a list of cryptocurrency wallet addresses for donations to Ukraine. According to blockchain analysis provider Elliptic, $24.6 million through over 26,000 cryptoasset donations has been raised at the time of writing.  The organization says that the “majority” of donations have been made in Bitcoin (BTC) and Ethereum (ETH), but NFTs are also being handed over to Ukraine.  It should be noted that fraudsters are attempting to cash in on the conflict.  “Elliptic has identified a number of fraudulent crypto fundraising scams which are exploiting the current situation,” the company says.  See alsoHave a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Security researchers have uncovered a stealthy backdoor from a China-linked hacking group that is being used to target critical infrastructure in multiple countries. The malware, dubbed Daxin by researchers at Broadcom-owned Symantec, is a backdoor ‘rootkit’ or malware designed to give an attacker low-level ‘root’ privilege-level access to a compromised system. It was last used in November 2021, according to Symantec. 

ZDNet Recommends

Symantec declared in a blogpost that the Windows kernel driver malware was the “most advanced piece of malware” its researchers had seen from China-linked actors. SEE: Cybersecurity: Let’s get tactical (ZDNet special report)The malware is designed to penetrate networks that have been hardened against cyberattacks.The US Cybersecurity and Infrastructure Agency (CISA) marked Daxin as a “high-impact” security incident based on information shared through its private sector US cybersecurity partners in the Joint Cyber Defense Collaborative. CISA notes that Daxin has been used against select governments and other critical infrastructure targets. CISA and Symantec engaged with multiple governments targeted with Daxin malware and assisted in detection and remediation, CISA says. Daxin is a “highly sophisticated rootkit backdoor with complex, stealthy command and control (C2) functionality”, according to CISA. “Daxin appears to be optimized for use against hardened targets, allowing the actors to deeply burrow into targeted networks and exfiltrate data without raising suspicions,” CISA notes. Symantec researchers believe the malware is used for espionage rather than to destroy data like the WhisperGate and HermeticWiper malware currently targeting Ukraine organizations. “Most of the targets appear to be organizations and governments of strategic interest to China,” Symantec threat researchers said. “Daxin is without doubt the most advanced piece of malware Symantec researchers have seen used by a China-linked actor.”       Windows kernel driver malware is rare today, according to Symantec researchers, who believe it is similar to Regin, a piece of malware its researchers were impressed by in 2014. Daxin’s standout feature is that it doesn’t start its own network services but relies on legitimate network services running on computers it’s already compromised. The methods are similar to “living-off-the-land” techniques that Microsoft has previously warned about in connection with malware that uses legitimate Windows services to evade detection. But rather than riding on legitimate operating-system processes, Daxin exploits legitimate secured network traffic between internal servers to infect computers and avoid detection.   The malware allows the attackers to communicate across a network of infected computers and picks the optimal path for communications between those computers in a single sweep. It works by hijacking the encryption key exchange process between networked computers based on incoming TCP traffic signals that indicate whether a given connection is worth targeting. SEE: Linux malware attacks are on the rise, and businesses aren’t ready for itTCP is one of the internet’s original protocols, designed to protect end-to-end communications between network-connected devices. “While it is not uncommon for attackers’ communications to make multiple hops across networks in order to get around firewalls and generally avoid raising suspicions, this is usually done step-by-step, such that each hop requires a separate action,” Symantec notes. “However, in the case of Daxin, this process is a single operation, suggesting the malware is designed for attacks on well-guarded networks, where attackers may need to periodically reconnect into compromised computers.”Symantec notes that the attackers attempted to deploy Daxin in 2019 using a PsExec session. PSExec is a legitimate Windows tool that allows admins to remotely fix computers. However, it adds that similarities between the code bases of Daxin and previously known malware called Zala suggest the group has been active since 2009. Daxin improves on Zala’s pre-existing networking features.  More

Google’s Threat Analysis Group (TAG) has taken down a “coordinated influence operation” connected to Belarus, Moldova, and Ukraine.

Ukraine Crisis

On February 28, TAG member Shane Huntley published a bulletin sharing some of the unit’s latest efforts to tackle the spread of misinformation, including the removal of a coordinated campaign involving these countries – a topical issue considering the current Russia-Ukraine conflict. The influence operation was terminated in January, prior to the start of the conflict, but at a time when tensions between Russia and Ukraine was rising due to the presence of Russian troops at Ukraine’s border. According to Google TAG, four YouTube channels, two AdSense accounts – used to generate revenue by displaying advertisements – and one Blogger blog were wiped out in connection to this network. In addition, six domains were added to a denylist to stop them appearing on Google News surfaces and Discover. Google says that the campaign “was sharing content in English that was about a variety of topics including US and European current events,” and while the tech giant did not reveal further details, did say that the network was “financially motivated.” Google TAG also tackled a relatively large “influence operation linked to China.” In total, 4361 YouTube channels were destroyed in January. The majority of these channels were spreading Chinese spam content, but some uploaded content in both English and Chinese languages concerning China and US foreign events.  Furthermore, TAG has taken down YouTube channels, AdSense accounts, and Play developer accounts belonging to influence campaigns linked to Iraq, Turkey, and Libya’s politics and current affairs.  As the Russian-Ukraine conflict continues, Google has increased account protection for those in the region considered to be at higher risk of cyberattacks or attempted account compromise. This includes enabling two-factor authentication (2FA) and promoting the Advanced Protection Program.  Google said on Twitter that its “threat intel teams continue to look out for and disrupt disinfo campaigns, hacking, and financially motivated abuse, and are working with other companies and relevant government bodies to address these threats.” In related news, Meta – formerly known as Facebook – is also attempting to combat misinformation. A number of accounts belonging to Russian state-media organizations have been blocked, and access to Russia Today (RT) and Sputnik across the European Union has been restricted.  Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Image: Asha Barbaschow/ZDNet
Macquarie Telecom has labelled Australia’s critical infrastructure reforms as “watered down”, warning that many data storage or processing service providers may be able to avoid regulation due to the reforms’ primary focus on “business-critical data”.”This is a significant and dangerous reduction in the scope of [Australia’s critical infrastructure laws] because business-critical data does not describe the type of information that is most commonly held by government departments and agencies nor what is crucial to the functioning of government,” the Australian cloud and data storage provider said.Macquarie Telecom’s remarks were made to the Parliamentary Joint Committee on Intelligence and Security (PJCIS), which is currently reviewing the latest critical infrastructure reforms that were introduced into Parliament last month.The reforms have so far come in the form of two pieces of legislation; the first became law in December to give government “last resort” powers to direct a critical infrastructure entity on how to intervene against cyber attacks; the second piece of legislation, which is what Macquarie Telecom has flagged as requiring amendments, looks to add requirements for critical infrastructure entities to have risk management programs in place and entities deemed “most important to the nation” to adhere to enhanced cybersecurity obligations.Unpacking Macquarie Telecom’s concerns, the company said the second piece of legislation — known as the SLACIP Bill — seeks to amend existing laws so that critical infrastructure entity requirements do not apply to data storage providers unless the government data they store or process comprises “business-critical data”. According to the company, this would result in various types of data not being covered by the regulation’s risk management program requirement. Examples of data that would not be covered by the critical infrastructure reforms are highly classified government information, the entirety of the National Archives of Australia, official company records for the Australian Security and Investments Commission, official records of deaths for a state registry office, official geophysical data, and the systems that underpin the operation of the video teleconference links used by the federal and state courts, Macquarie Telecom said.”The gaps and consequences arising from the proposed change to the definition are significant and, in the circumstances, seem absurd,” it added.In addition to not being happy about the “business-critical data” definition amendment, Macquarie Telecom said the reforms being geographically limited to Australia could create competitive disadvantages for data storage providers whose assets are based entirely in Australia. The company explained this competitive disadvantage could arise as the “jurisdictional gap” would create an incentive for all types of critical infrastructure providers and their suppliers to shift data stores and processing functions offshore where they will be beyond the scope of Australia’s critical infrastructure laws. It also said the geographic limit means that Australia’s critical infrastructure laws do not contain a mechanism to protect nationally significant critical data workloads from being transferred offshore where it could potentially be outside Australia’s jurisdiction.”The rationale for excluding critical Australian data storage and processing assets located overseas has not been explained. It is in stark contrast to the approach adopted in other laws, which expressly apply to data stored overseas,” Macquarie Telecom said.The federal government’s critical infrastructure reforms sit alongside the ransomware action plan as being its primary regulatory efforts for bolstering Australia’s cybersecurity posture. Labelled by Home Affairs Secretary Mike Pezzullo last month as the government’s “defence” against cyber threats, with the ransomware action plan forming the “offence”, he said the SLACIP Bill would ideally create a standardised critical infrastructure framework to enable Australia’s intelligence agencies to approach cyber attacks in a precautionary fashion due to the additional information it would receive. More

Image: Sean Gladwell/Getty Images
Meta, formerly known as Facebook, has now restricted access to Russian state-based media outlets Russia Today (RT) and Sputnik across the European Union.”We have received requests from a number of governments and the EU to take further steps in relation to Russian state-controlled media,” Meta VP global affairs Nick Clegg wrote in a tweet. “Given the exceptional nature of the current situation, we will be restricting access to RT and Sputnik across the EU at this time.”We will continue to work closely with governments on this issue.”The ban is in addition to restrictions the social media giant already had placed on Russian state-media accounts in Ukraine in response to Russia’s invasion into the country, which began five days ago. It comes off the back of EU Commission president Ursula von der Leyen saying the bloc would place a ban on RT and Sputnik, as well as their subsidiaries.”We will ban the Kremlin’s media machine in the EU. The state-owned Russia Today and Sputnik, and their subsidiaries, will no longer be able to spread their lies to justify Putin’s war,” she said.”We are developing tools to ban their toxic and harmful disinformation in Europe.”Meanwhile, Twitter has also taken additional steps to fight against Russian misinformation by adding labels on tweets that share links from Russian state-based media websites. Twitter will also be reducing the content’s visibility. The labels will be added to state-affiliated media outlets in the “coming weeks”, Twitter head of site integrity Yoel Roth wrote in a tweet.”We’ve learned that labelling Tweets is another way we can add helpful context to conversations around some of the most critical issues, such as COVID-19 and elections happening around the world,” he said.”This work builds on the numerous steps we’ve taken over the past week — from pausing ads in Ukraine and Russia, to launching timeline prompts with context about the crisis. We remain vigilant and will keep you updated along the way.”Microsoft has also announced measures to reduce misinformation.”We are moving swiftly to take new steps to reduce the exposure of Russian state propaganda, as well to ensure our own platforms do not inadvertently fund these operations,” the company announced in a post. “In accordance with the EU’s recent decision, the Microsoft Start platform (including MSN.com) will not display any state-sponsored RT and Sputnik content.”We are removing RT news apps from our Windows app store and further de-ranking these sites’ search results on Bing so that it will only return RT and Sputnik links when a user clearly intends to navigate to those pages. Finally, we are banning all advertisements from RT and Sputnik across our ad network and will not place any ads from our ad network on these sites.”

Ukraine Crisis

Updated at 10:49am AEST, 1 March 2022: added further information about Microsoft Start platform activation. More