Sunday, June 15, 2025

Microsoft launches new European Security Program

As AI and digital technologies advance, the European cyber threat landscape continues to evolve, presenting new challenges that require stronger partnerships and enhanced solutions. Ransomware groups and state-sponsored actors from Russia, China, Iran, and North Korea continue to grow in scope and sophistication, and European cybersecurity can’t afford to stand still.

That’s why, today, in Berlin, we’re announcing a new Microsoft initiative to expand our longstanding work to help defend Europe’s cybersecurity. Implementing one of the five European Digital Commitments I shared in Brussels five weeks ago, we’re launching a new European Security Program that adds to the company’s longstanding global Government Security Program.

This new program expands the geographic reach of our existing work and adds new elements that will become critical to Europe’s security. It puts AI at the center of our work as a tool to protect traditional cybersecurity needs and strengthens our protection of digital and AI infrastructure.

We’re launching the European Security Program with three new elements:

  • Increasing AI-based threat intelligence sharing with European governments;
  • Making additional investments to strengthen cybersecurity capacity and resilience; and
  • Expanding our partnerships to disrupt cyberattacks and dismantle the networks cybercriminals use.

We’re making this program available to European governments, free of charge, including all 27 European Union (EU) member states, as well as EU accession countries, members of the European Free Trade Association (EFTA), the UK, Monaco, and the Vatican.

Together, these efforts reflect Microsoft’s long-term commitment to defending Europe’s digital ecosystem, ensuring that, no matter how the threat landscape evolves, we’ll remain a trusted and steadfast partner to Europe in securing its digital future.

The need for new steps – the current threat environment

Microsoft continues to observe persistent threat activity targeting European networks from nation-state actors, with Russian and Chinese activity being particularly prolific in Europe. Unsurprisingly, Russia continues to be especially focused on targets in Ukraine and European nations providing support to Ukraine. Nation-state actors, including those engaging in malicious activity from Iran and North Korea, are predominantly pursuing espionage objectives in Europe through credential theft or the exploitation of vulnerabilities to gain access to corporate and government networks. Several campaigns, including those from China, have also targeted academic institutions, compromising accounts to access sensitive research data or conduct geopolitical espionage against think tanks. Beyond nation-state threats, cybercriminals continue to expand Ransomware-as-a-Service. We have seen the emergence of illicit websites rapidly gaining followings by leaking ransomware insights for use by criminal groups to conduct attacks across Europe.

Map of Europe titled 'Target Locations by Actor Group (since Sept 1, 2024)' showing pie charts over various countries. Each chart displays the proportion of cyber-attacks attributed to Russia (blue), China (red), Iran (purple), and North Korea (orange). Countries shown include the UK, Germany, France, Ukraine, and others. A Microsoft logo appears in the bottom left corner.

The rise of AI is also augmenting and evolving threat actor behavior. Microsoft has observed AI use by threat actors for reconnaissance, vulnerability research, translation, LLM-refined operational command techniques, resource development, scripting techniques, detection evasion, social engineering, and brute force attacks. This is why Microsoft now tracks any malicious use of new AI models we release and proactively prevents known threat actors from using our AI products. This also underscores the importance of secure development and rigorous testing of AI models, leveraging AI to benefit cyber defenders, and close public-private partnerships to share the latest insights about AI and cybersecurity.

Increasing AI-based threat intelligence sharing with governments

Microsoft’s Government Security Program (GSP) has long provided governments with confidential security information and resources to help them better understand our products and the evolving threat landscape, particularly threats from nation-state actors. Building on existing efforts, our new European Security Program will increase the flow and expand access to actionable threat intelligence to European governments. Tailored to discrete national threat environments using AI insights, and delivered, when possible, in real time, this program is designed to help governments stay ahead of advancing cyber threats through:

  • Leveraging threat intelligence insights – Microsoft tracks the most sophisticated nation-state cyber activity, offering timely insights into evolving global threats. We use AI to support our analysis, which has improved our visibility and accelerated our ability to share the latest intelligence on the tactics, techniques, and procedures used by advanced persistent threat actors, including the malicious use of AI. By providing more information, faster, Microsoft will help European governments strengthen their cyber resilience and enable proactive defense.
  • Expanding cybercrime reporting – The Microsoft Digital Crimes Unit (DCU) plays a critical role in detecting and disrupting global cybercriminal infrastructure, producing invaluable real-time intelligence in the process. As part of this new effort, we’re expanding the availability of this intelligence to trusted European partners to support rapid response and coordinated enforcement action through the Cybercrime Threat Intelligence Program (CTIP).
  • Providing foreign influence operations updates – The Microsoft Threat Analysis Center (MTAC) continues to monitor influence operations in Europe, which are increasingly using AI to mislead and deceive with deepfake synthetic media. MTAC also uses AI to look for commonalities across operations and will provide regular intelligence briefings on foreign influence, offering timely insights into the tactics, narratives, and digital platforms leveraged by state-affiliated actors. These briefings help policymakers and security stakeholders stay ahead of evolving disinformation campaigns and hybrid threats targeting democratic institutions and public trust.
  • Identifying vulnerabilities and prioritizing security communications – Microsoft is committed to proactive and transparent security communications, particularly in the face of emerging threats and evolving vulnerabilities. We provide customers with timely, actionable intelligence through structured programs such as the Threat Microsoft Security Update Guide, Vulnerability Reporting process, and Microsoft Defender Vulnerability Management. As part of this expanded commitment, we’ll offer prioritized notice of security communications, including vulnerability remediation guidance, to our European Security Program partners, helping to enhance situational awareness and enabling faster responses.

Participating governments will have a dedicated Microsoft point of contact to coordinate responses and escalate concerns. These efforts are designed to improve situational awareness and to support faster, more coordinated action across borders.

Making additional investments to strengthen cybersecurity capacity and resilience

Digital resilience (the ability to anticipate, withstand, recover from, and adapt to cyber threats and disruptions) requires more than technology. It requires investment in people, institutions, and partnerships. As part of the European Security Program, we’re investing additional resources to further our work with European governments, civil society, and innovators to strengthen local capabilities and build long-term resilience. Highlights include:

  • Strengthening public-private collaboration – Microsoft has launched a new pilot program with Europol’s European Cybercrime Centre (EC3), embedding Microsoft Digital Crimes Unit (DCU) investigators at EC3 headquarters in The Hague to enhance intelligence sharing and operational coordination. Through this enhanced collaboration, we’ll enable joint investigations and faster threat identification, and be better positioned to disrupt cybercriminal activity targeting European institutions and citizens more effectively.
  • Supporting civil society and defending against ransomware – Microsoft has renewed our three-year partnership with the CyberPeace Institute to support NGOs and to promote accountability for bad actors, including nearly 100 Microsoft employees volunteering their time and expertise to help protect the most vulnerable in cyberspace. We will continue to support the Institute’s efforts to trace ransomware origins, identify safe havens, and uncover potential links to nation-state actors.
  • Expanding cybersecurity support to the Western Balkans – Through a new collaboration with the Western Balkans Cyber Capacity Centre (WB3C), Microsoft will scale cybersecurity in a region where malicious actors have long sought to destabilize countries bordering the EU. Microsoft stands firmly in defense of Ukraine and is now extending that commitment with WB3C to help scale cybersecurity capabilities in a geopolitically sensitive and digitally under-resourced region, aligning with broader European cybersecurity priorities.
  • Advancing AI security and innovation – Microsoft is investing additional resources to support research, grow the cybersecurity talent pipeline, and test advanced AI-assisted security tools in real-world environments using Microsoft’s security stack and Azure and Copilot capabilities. We’re working with the UK’s Laboratory for AI Security Research (LASR), a public-private partnership established to advance AI security in support of the UK’s national security and economic prosperity. Together, we’re launching a joint research program focused on AI-cybersecurity challenges with a focus on critical infrastructure and agentic AI security, with an initial funding from Microsoft and research collaboration between LASR and Microsoft Security Research Center.
  • Securing open-source innovation – Through the recently launched GitHub Secure Open Source Fund, we’ll support open-source projects that underpin the digital supply chain, catalyze innovation, and are critical to the AI stack. By raising the security posture for European projects such as Log4J and Scancode, which are critical to the IT systems of governments and companies across the continent, the program aims to reduce future security vulnerabilities. Ensuring these tools can consistently withstand and sustainably defend against sophisticated cyber threats is vital to strengthening cyber resilience.

These new and enhanced initiatives reflect our belief that cybersecurity is a collective endeavor, and that Europe’s digital resilience must be built from the ground up.

Expanding partnerships to disrupt cyberattacks and dismantle cybercriminal networks

Finally, as part of our European Security Program we’re expanding our partnerships with law enforcement and regional actors to proactively identify new and innovative ways to disrupt malicious and criminal activity.

For instance, last month, Microsoft’s Digital Crimes Unit (DCU) worked with Europol and others to take down Lumma, a prolific infostealer malware used to steal passwords, financial data, and crypto wallets. In just two months, Lumma infected nearly 400,000 devices globally, many of them in Europe. The operation seized or blocked over 2,300 command-and-control domains. Off the back of this action, we’re working with Europol to identify new opportunities to continue to meaningfully disrupt and deter cybercrime.

Bar chart titled 'Lumma Victims by Country in Europe' showing the number of victims per country. Spain has the highest count, followed by France, Italy, and Germany, with other countries represented in descending order.
Lumma-infected devices by country in Europe

To accelerate future takedowns, we also launched the Statutory Automated Disruption (SAD) Program in April 2025. This initiative automates legal abuse notifications to hosting providers, enabling faster removal of malicious domains and IP addresses. Focused initially on Europe and the U.S., SAD raises the cost of doing business for cybercriminals and makes it harder for them to operate at scale.

In addition, we’re working with local internet service providers to help remediate affected users and ensure governments have better visibility into emerging threats.

The DCU has long played a leading role in proactively combating cyber threats, including those originating from nation-state actors. Since 2016, Microsoft has filed seven legal actions to spotlight and disrupt nation-state threat actors from countries such as Russia, China, Iran, and North Korea, which we refer to internally by the weather-themed names Blizzard, Typhoon, Sandstorm, and Sleet, respectively. Most recently, in September 2024, Microsoft initiated a disruption action against the Russian actor Star Blizzard, mentioned above, known for hacking political targets surrounding the UK’s 2022 elections and targeting NATO countries to advance its geopolitical interests involving Ukraine. Microsoft exposed the Russian actors and immediately seized over 140 malicious domains in total, significantly blunting ongoing campaigns and forcing Star Blizzard to significantly alter its attack techniques to other platforms, which Microsoft Threat Intelligence thereafter publicly exposed in a security blog. We will continue to act against those seeking to harm customers, governments, and individual users. These efforts are part of our broader strategy to partner with law enforcement across Europe. We’re already working on coordinated disruptions to protect the digital ecosystem, and we stand ready to provide robust incident response services during crises, ensuring our partners and customers are never alone in the face of cyber adversity.

We also believe that deterrence is a critical pillar of modern cybersecurity. The EU’s Cyber Diplomacy Toolbox plays a vital role in this effort, helping to coordinate crisis response and send a clear message that malicious activity will not go unanswered, whether legally, operationally, or reputationally.

Taken together, operations like the Lumma disruption, the launch of SAD, and future coordinated disruptions are helping to prevent cybercriminals and state actors from establishing malicious infrastructure in Europe.

* * *

At Microsoft, our commitment to Europe is deep, enduring, and unwavering. We believe that Europe’s digital future is one of the most important opportunities of our time, and protecting that future is a responsibility we share. We will stand shoulder to shoulder with European governments, institutions, and communities to defend against threats, build capacity, and strengthen resilience. We’re proud to be a trusted partner to Europe, and we’ll continue to work every day to earn trust through transparency, collaboration, and a steadfast commitment to protecting what matters most.
