As AI and digital applied sciences advance, the European cyber risk panorama continues to evolve, presenting new challenges that require stronger partnerships and enhanced options. Ransomware teams and state-sponsored actors from Russia, China, Iran, and North Korea proceed to develop in scope and class, and European cyber safety can not afford to face nonetheless.
That’s the reason, at present, in Berlin, we’re asserting a brand new Microsoft initiative to develop our longstanding work to assist defend Europe’s cybersecurity. Implementing one of many 5 European Digital Commitments I shared in Brussels 5 weeks in the past, we’re launching a brand new European Safety Program that provides to the corporate’s longstanding world Authorities Safety Program.
This new program expands the geographic attain of our present work and provides new parts that can develop into vital to Europe’s safety. It places AI on the middle of our work as a software to guard conventional cybersecurity wants and strengthens our safety of digital and AI infrastructure.
We’re launching the European Safety Program with three new parts:
Growing AI-based risk intelligence sharing with European governments;
Making further investments to strengthen cybersecurity capability and resilience; and
Increasing our partnerships to disrupt cyberattacks and dismantle the networks cybercriminals use.
We’re making this program out there to European governments, freed from cost, together with all 27 European Union (EU) member states, in addition to EU accession nations, members of the European Free Commerce Affiliation (EFTA), the UK, Monaco, and the Vatican.
Collectively, these efforts mirror Microsoft’s long-term dedication to defending Europe’s digital ecosystem—making certain that, regardless of how the risk panorama evolves, we’ll stay a trusted and steadfast associate to Europe in securing its digital future.
The necessity for brand new steps – the present risk surroundings
Microsoft continues to look at persistent risk exercise concentrating on European networks from nation state actors, with Russian and Chinese language exercise being significantly prolific in Europe. Unsurprisingly, Russia continues to be particularly targeted on targets in Ukraine and European nations offering help to Ukraine. Nation-state actors, together with these partaking in malicious exercise from Iran and North Korea, are predominantly pursuing espionage goals in Europe via credential theft or the exploitation of vulnerabilities to achieve entry to company and authorities networks. A number of campaigns, together with these from China, have additionally focused tutorial establishments, compromising accounts to entry delicate analysis knowledge or conduct geopolitical espionage towards suppose tanks. Cybercriminals proceed to develop Ransomware-as-a-Service past nation-state threats. We now have seen the emergence of illicit web sites quickly gaining followings by leaking ransomware insights for use by prison teams to conduct assaults throughout Europe.
The rise of AI can also be augmenting and evolving risk actor habits. Microsoft has noticed AI use by risk actors for reconnaissance, vulnerability analysis, translation, LLM-refined operational command strategies, useful resource growth, scripting strategies, detection evasion, social engineering, and brute pressure assaults. For this reason Microsoft now tracks any malicious use of recent AI fashions we launch and proactively prevents recognized risk actors from utilizing our AI merchandise. This additionally underscores the significance of safe growth and rigorous testing of AI fashions, leveraging AI to learn cyber defenders, and shut public-private partnerships to share the most recent insights about AI and cybersecurity.
Growing AI-based risk intelligence sharing with governments
Microsoft’s Authorities Safety Program (GSP) has lengthy offered governments with confidential safety data and sources to assist them higher perceive our merchandise and the evolving risk panorama, significantly threats from nation-state actors. Constructing on present efforts, our new European Safety Program will enhance the stream and develop entry to actionable risk intelligence to European governments. Tailor-made to discrete nationwide risk environments utilizing AI insights, and delivered, when potential, in actual time, this program is designed to assist governments keep forward of advancing cyber threats via:
Leveraging risk intelligence insights – Microsoft tracks probably the most refined nation-state cyber exercise, providing well timed insights into evolving world threats. We use AI to help our evaluation, which has improved our visibility and accelerated our potential to share the most recent intelligence on the techniques, strategies, and procedures utilized by superior persistent risk actors, together with the malicious use of AI. By offering extra data and quicker, Microsoft will assist European governments strengthen their cyber resilience and allow proactive protection.
Increasing cybercrime reporting – The Microsoft Digital Crimes Unit (DCU) performs a vital position in detecting and disrupting world cybercriminal infrastructure, producing invaluable real-time intelligence within the course of. As a part of this new effort, we’re increasing the provision of this intelligence to trusted European companions to help fast response and coordinated enforcement motion via the Cybercrime Risk Intelligence Program (CTIP).
Offering overseas affect operations updates – The Microsoft Risk Evaluation Middle (MTAC) continues to watch affect operations in Europe, that are more and more utilizing AI to mislead and deceive with deepfake artificial media. MTAC additionally makes use of AI to search for commonalities throughout operations and can present common intelligence briefings on overseas affect, providing well timed insights into the techniques, narratives, and digital platforms leveraged by state-affiliated actors. These briefings assist policymakers and safety stakeholders keep forward of evolving disinformation campaigns and hybrid threats concentrating on democratic establishments and public belief.
Figuring out vulnerabilities and prioritizing safety communications – Microsoft is dedicated to proactive and clear safety communications, significantly within the face of rising threats and evolving vulnerabilities. We offer clients with well timed, actionable intelligence via structured applications such because the Risk Microsoft Safety Replace Information, Vulnerability Reporting course of, and Microsoft Defender Vulnerability Administration. As a part of this expanded dedication, we’ll supply prioritized discover of safety communications, together with vulnerability remediation steering to our European Safety Program companions, serving to to reinforce situational consciousness and enabling quicker responses.
Collaborating governments could have a devoted Microsoft level of contact to coordinate responses and escalate issues. These efforts are designed to enhance situational consciousness and to help quicker, extra coordinated motion throughout borders.
Making further investments to strengthen cybersecurity capability and resilience
Digital resilience—the flexibility to anticipate, face up to, get well from, and adapt to cyber threats and disruptions—requires greater than know-how. It requires funding in folks, establishments, and partnerships. As a part of the European Safety Program, we’re investing further sources to additional our work with European governments, civil society, and innovators to strengthen native capabilities and construct long-term resilience. Highlights embrace:
Strengthening public-private collaboration – Microsoft has launched a brand new pilot program with Europol’s European Cybercrime Centre (EC3), embedding Microsoft Digital Crimes Unit (DCU) investigators at EC3 headquarters in The Hague to reinforce intelligence sharing and operational coordination. Via this enhanced collaboration, we’ll allow joint investigations, establish quicker risk identification, and be higher positioned to disrupt cybercriminal exercise concentrating on European establishments and residents extra successfully.
Supporting civil society and defending towards ransomware – Microsoft has renewed our three-year partnership with the CyberPeace Institute to help NGOs and to advertise accountability for dangerous actors, together with practically 100 Microsoft staff volunteering their time and experience to assist defend probably the most weak in our on-line world. We are going to proceed to help the Institute’s efforts to hint ransomware origins, establish protected havens, and uncover potential hyperlinks to nation-state actors.
Increasing cybersecurity help to the Western Balkans – Via a brand new collaboration with the Western Balkans Cyber Capability Centre (WB3C), Microsoft will scale cybersecurity in a area the place malicious actors have lengthy sought to destabilize nations bordering the EU. Microsoft stands firmly in protection of Ukraine and is now extending that dedication with WB3C to assist scale cybersecurity capabilities in a geopolitically delicate and digitally under-resourced area, aligning with broader European cybersecurity priorities.
Advancing AI safety and innovation – Microsoft is investing further sources to help analysis, develop the cybersecurity expertise pipeline, and take a look at superior AI-assisted safety instruments in real-world environments utilizing Microsoft’s safety stack and Azure and Copilot capabilities. We’re working with the UK’s Laboratory for AI Safety Analysis (LASR), a public-private partnership established to advance AI safety in help of UK’s nationwide safety and financial prosperity. Collectively, we’re launching a joint analysis program targeted on AI-cybersecurity challenges with a concentrate on vital infrastructure and agentic AI safety, with an preliminary funding from Microsoft and research-collaboration between LASR and Microsoft Safety Analysis Middle.
Securing open-source innovation – Via the just lately launched GitHub Safe Open Supply Fund, we’ll help open-source tasks that underpin the digital provide chain, catalyze innovation, and are vital to the AI stack. By elevating the safety posture for European tasks akin to Log4J and Scancode, that are vital to the IT methods of governments and firms throughout the continent, this system goals to scale back future safety vulnerabilities. Guaranteeing these instruments can repeatedly face up to and sustainably defend towards refined cyber threats is important to strengthening cyber resilience.
These new and enhanced initiatives mirror our perception that cybersecurity is a collective endeavor—and that Europe’s digital resilience have to be constructed from the bottom up.
Increasing partnerships to disrupt cyberattacks and dismantle cybercriminal networks
Lastly, as a part of our European Safety Program we’re increasing our partnerships with regulation enforcement and regional actors to proactively establish new and modern methods to disrupt malicious and prison exercise.
As an example, final month, Microsoft’s Digital Crimes Unit (DCU) labored with Europol and others to take down Lumma, a prolific infostealer malware used to steal passwords, monetary knowledge, and crypto wallets. In simply two months, Lumma contaminated practically 400,000 gadgets globally, lots of them in Europe. The operation seized or blocked over 2,300 command-and-control domains. Off the again of this motion, we’re working with Europol to establish new alternatives to proceed to meaningfully disrupt and deter cybercrime.
Lumma-infected gadgets by nation in Europe
To speed up future takedowns, we additionally launched the Statutory Automated Disruption (SAD) Program in April 2025. This initiative automates authorized abuse notifications to internet hosting suppliers, enabling quicker removing of malicious domains and IP addresses. Targeted initially on Europe and the U.S., SAD raises the price of doing enterprise for cybercriminals and makes it tougher for them to function at scale.
As well as, we’re working with native web service suppliers to assist remediate affected customers and guarantee governments have higher visibility into rising threats.
The DCU has lengthy performed a number one position in proactively combating cyber threats, together with these originating from nation-state actors. Since 2016, Microsoft has filed seven authorized actions to highlight and disrupt nation-state risk actors from nations akin to Russia, China, Iran, and North Korea, which we confer with internally by the weather-themed names Blizzard, Hurricane, Sandstorm, and Sleet, respectively. Most just lately, in September 2024, Microsoft initiated a disruption motion towards the Russian actor Star Blizzard, talked about above, recognized for hacking political targets surrounding UK’s 2022 elections and concentrating on NATO nations to advance its geopolitical pursuits involving Ukraine. Microsoft uncovered the Russian actors and straight seized over 140 malicious domains in complete, considerably blunting ongoing campaigns and forcing Star Blizzard to considerably alter its assault strategies to different platforms, which Microsoft Risk Intelligence thereafter publicly uncovered in a safety weblog. We are going to proceed to behave towards these looking for to hurt clients, governments, and particular person customers. These efforts are a part of our broader technique to associate with regulation enforcement throughout Europe. We’re already engaged on coordinated disruptions to guard the digital ecosystem, and we stand prepared to offer sturdy incident response providers throughout crises, making certain our companions and clients are by no means alone within the face of cyber adversity.
We additionally imagine that deterrence is a vital pillar of contemporary cybersecurity. The EU’s Cyber Diplomacy Toolbox performs an important position on this effort, serving to to coordinate disaster response and ship a transparent message that malicious exercise is not going to go unanswered—legally, operationally, or reputationally.
Taken collectively, operations just like the Lumma disruption, the launch of SAD, and future coordinated disruptions are serving to to forestall cybercriminals and state actors from establishing malicious infrastructure in Europe.
* * *
At Microsoft, our dedication to Europe is deep, enduring, and unwavering. We imagine that Europe’s digital future is without doubt one of the most essential alternatives of our time—and defending that future is a duty we share. We are going to stand shoulder to shoulder with European governments, establishments, and communities to defend towards threats, construct capability, and strengthen resilience. We’re proud to be a trusted associate to Europe, and we’ll proceed to work each day to earn belief via transparency, collaboration, and a steadfast dedication to defending what issues most.
I love how you write—it’s like having a conversation with a good friend. Can’t wait to read more!This post pulled me in from the very first sentence. You have such a unique voice!Seriously, every time I think I’ll just skim through, I end up reading every word. Keep it up!Your posts always leave me thinking… and wanting more. This one was no exception!Such a smooth and engaging read—your writing flows effortlessly. Big fan here!Every time I read your work, I feel like I’m right there with you. Beautifully written!You have a real talent for storytelling. I couldn’t stop reading once I started.The way you express your thoughts is so natural and compelling. I’ll definitely be back for more!Wow—your writing is so vivid and alive. It’s hard not to get hooked!You really know how to connect with your readers. Your words resonate long after I finish reading.