{"id":3464,"date":"2025-06-05T12:16:40","date_gmt":"2025-06-05T12:16:40","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=3464"},"modified":"2025-06-05T12:16:40","modified_gmt":"2025-06-05T12:16:40","slug":"microsoft-launches-european-security-program-to-counter-nation-state-threats","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=3464","title":{"rendered":"Microsoft launches European Security Program to counter nation-state threats"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Microsoft (<a href=\"https:\/\/finance.yahoo.com\/quote\/MSFT\/\" target=\"_blank\" rel=\"noopener\">Nasdaq:MSFT<\/a>) has announced a comprehensive cybersecurity program that will provide free AI-powered defense tools to European governments facing increasing attacks from Russian, Chinese, Iranian, and North Korean state-sponsored hackers.<\/p>\n<p>The European Security Program, unveiled in Berlin by Microsoft Vice Chair Brad Smith, will offer threat intelligence, automated attack disruption, and investigative support to all 27 EU member states, plus the UK, the EU accession countries, and European Free Trade Association members at no cost.<\/p>\n<p>\u201cRansomware groups and state-sponsored actors from Russia, China, Iran, and North Korea continue to grow in scope and sophistication, and European cyber protection cannot afford to stand still,\u201d Smith wrote in a <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2025\/06\/04\/microsoft-launches-new-european-security-program\/\" target=\"_blank\" rel=\"noopener\">blog post<\/a>.<\/p>\n<p>The program represents an expansion of Microsoft\u2019s existing <a href=\"https:\/\/www.microsoft.com\/en-us\/securityengineering\/gsp\">Government Secu<\/a><a href=\"https:\/\/www.microsoft.com\/en-us\/securityengineering\/gsp\" target=\"_blank\" rel=\"noopener\">rit<\/a><a href=\"https:\/\/www.microsoft.com\/en-us\/securityengineering\/gsp\">y Program<\/a> and implements one of five European Digital Commitments the company made in Brussels five weeks ago.<\/p>\n<h2 class=\"wp-block-heading\">Rising threat environment<\/h2>\n<p>Microsoft\u2019s move comes as the company documents persistent threat activity targeting European networks. Russian operators remain focused on Ukraine and European nations supporting Ukraine\u2019s defense efforts, while Chinese threat actors have launched systematic campaigns against academic institutions and think tanks.<\/p>\n<p>The threat landscape has grown more complex with AI entering cybersecurity operations. Microsoft now tracks threat actors using AI for reconnaissance, vulnerability research, social engineering, and brute force attacks.<\/p>\n<p>\u201cMicrosoft has observed AI use by threat actors for reconnaissance, vulnerability research, translation, LLM-refined operational command techniques, resource development, scripting techniques, detection evasion, social engineering, and brute force attacks,\u201d Smith added.<\/p>\n<h2 class=\"wp-block-heading\">Three-component strategy<\/h2>\n<p>The European Security Program will operate through three main components designed to strengthen continental cyber defenses.<\/p>\n<p>The first element centers on enhanced threat intelligence sharing, where Microsoft will provide European governments with AI-enhanced, real-time insights into nation-state tactics.<\/p>\n<p>The company\u2019s Digital Crimes Unit will expand intelligence sharing through the Cybercrime Threat Intelligence Program, giving European partners immediate access to takedown operations and threat actor movements, the blog added.<\/p>\n<p>The program\u2019s second component focuses on strengthening cybersecurity capacity through direct collaboration. Microsoft is embedding its investigators inside Europol\u2019s European Cybercrime Centre in The Hague through a pilot program that will create joint investigation capabilities. The company has also renewed its partnership with the CyberPeace Institute, deploying nearly 100 Microsoft volunteers to defend vulnerable targets.<\/p>\n<p>The third element involves expanding disruption partnerships through the Statutory Automated Disruption Program, launched in April 2025. This system automatically triggers legal abuse notifications to hosting providers, rapidly dismantling malicious domains and IP addresses across Europe and the US.<\/p>\n<p>Each participating government will receive a dedicated Microsoft point of contact to coordinate responses and escalate concerns.<\/p>\n<h2 class=\"wp-block-heading\">Strategic and competitive implications<\/h2>\n<p>Industry analysts view the program as strategically significant beyond cybersecurity. Praharsh Srivastava, senior analyst at Everest Group, said Microsoft\u2019s initiative positions the company \u201cahead of rivals like Google Cloud, AWS, and IBM\u201d while building long-term government relationships that \u201cmay drive future commercial gains through paid services, cloud adoption, and AI solutions.\u201d<\/p>\n<p>Sanchit Vir Gogia, chief analyst at Greyhound Research, described the program as \u201ca strategic escalation in the platform wars, where cybersecurity is no longer a revenue line \u2014 it is a loyalty lock.\u201d<\/p>\n<p>\u201cBy embedding premium services\u2014from forensic investigations to national-level threat coordination\u2014into a zero-cost model, Microsoft is not just displacing point solution vendors. It\u2019s solidifying its claim as a foundational infrastructure partner,\u201d Gogia said.<\/p>\n<h2 class=\"wp-block-heading\">Track record of operations<\/h2>\n<p>Microsoft brings substantial experience to the initiative. The company has conducted seven legal actions against nation-state threat actors since 2016, targeting groups it internally codes as <a href=\"https:\/\/www.csoonline.com\/article\/3996192\/new-russian-apt-group-void-blizzard-targets-nato-based-orgs-after-infiltrating-dutch-police.html\">Blizzard<\/a> (Russia), <a href=\"https:\/\/www.csoonline.com\/article\/3856291\/salt-typhoon-may-have-upgraded-backdoors-for-efficiency-and-evasion.html\">Typhoon<\/a> (China), Sandstorm (Iran), and Sleet (North Korea).<\/p>\n<p>Recent operations demonstrate this capability. In September 2024, Microsoft disrupted Russian group Star Blizzard\u2019s activities, seizing over 140 malicious domains and forcing the group to abandon established attack methods.<\/p>\n<p>Last month, the company worked with Europol to take down the <a href=\"https:\/\/www.csoonline.com\/article\/3993289\/feds-and-microsoft-crush-lumma-stealer-that-stole-millions-of-passwords.html?utm=hybrid_search\">Lumma infostealer malware<\/a>, neutralizing nearly 400,000 infected devices and seizing over 2,300 command-and-control domains.<\/p>\n<h2 class=\"wp-block-heading\">Digital sovereignty and operational challenges<\/h2>\n<p>The program, however, raises questions about European digital sovereignty and operational complexity. Srivastava noted that while Microsoft\u2019s initiatives offer immediate cybersecurity benefits, they \u201cintersect with the EU\u2019s emphasis on digital sovereignty and may increase dependency on non-European providers.\u201d<\/p>\n<p>Gogia highlighted coordination challenges across Europe\u2019s diverse landscape. \u201cThere is no common legal backbone across EU states for defining, reporting, or remediating cyber threats,\u201d he observed. \u201cWhat counts as a critical incident in one country may not even trigger an alert in another.\u201d<\/p>\n<p>The program arrives as European policymakers implement comprehensive cybersecurity frameworks, including the EU\u2019s Network and Information Security Directive and the proposed Cyber Resilience Act. Microsoft said it will make the program available immediately to eligible European governments. The initiative extends beyond immediate threat response to include investments in cybersecurity research, talent development, and open-source security improvements.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Microsoft (Nasdaq:MSFT) has announced a comprehensive cybersecurity program that will provide free AI-powered defense tools to European governments facing increasing attacks from Russian, Chinese, Iranian, and North Korean state-sponsored hackers. The European Security Program, unveiled in Berlin by Microsoft Vice Chair Brad Smith, will offer threat intelligence, automated attack disruption, and investigative support to all [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":3451,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-3464","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3464"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3464"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3464\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/3451"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3464"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3464"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3464"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}