Microsoft has debuted a major new initiative to help fortify Europe’s digital defenses against increasingly sophisticated cyberattacks from state-backed and criminal actors.
The new European Security Program expands Microsoft’s cybersecurity engagement across the continent, offering governments access to cutting-edge tools, AI-driven intelligence, and strategic partnerships at no cost.
“We are making this program available to European governments, free of charge, including all 27 European Union (EU) member states, as well as EU accession countries, members of the European Free Trade Association (EFTA), the UK, Monaco, and the Vatican,” the company added.
The programme builds on the company’s longstanding Government Security Program (GSP) and puts AI at the core of Europe’s cybersecurity strategy, supporting everything from threat intelligence to infrastructure protection.
“This new program expands the geographic reach of our existing work and adds new elements that will become critical to Europe’s protection. It puts AI at the center of our work as a tool to protect traditional cybersecurity needs and strengthens our protection of digital and AI infrastructure,” Microsoft said.
A Growing Threat from State and Criminal Actors
Microsoft has seen a surge in malicious activity targeting European networks, with Russia and China leading the charge. Russian actors continue to focus heavily on Ukraine and its allies, while China, Iran, and North Korea pursue espionage across government, academic, and corporate targets. Microsoft also reports the rise of Ransomware-as-a-Service (RaaS) operations, increasingly coordinated through criminal syndicates leveraging new forums to share malware insights and expand their reach.
AI is amplifying attackers’ capabilities. Microsoft analysts have tracked threat actors using AI for reconnaissance, scripting, evading detection, social engineering, and brute-force campaigns. In response, Microsoft now blocks known malicious actors from using its AI tools and closely monitors the misuse of its models.
The European Security Program: A Three-Pronged Approach
To meet these challenges, Microsoft’s European Security Program will have three core pillars:
1. AI-Based Threat Intelligence Sharing
Governments across the EU, EFTA, the UK, and other European nations will gain access to advanced, AI-enhanced threat intelligence tailored to their national security contexts.
- Real-time threat insights: Leveraging AI, Microsoft tracks nation-state tactics and rapidly disseminates intelligence on evolving threats.
- Cybercrime disruption support: Through the Digital Crimes Unit (DCU), governments receive access to intelligence from criminal takedowns and infrastructure mapping.
- Foreign influence monitoring: The Microsoft Threat Analysis Center (MTAC) will provide briefings on AI-driven disinformation campaigns.
- Security vulnerability alerts: Partner governments will get prioritized access to vulnerability intelligence and remediation guidance.
Each government will be assigned a dedicated Microsoft contact to coordinate information sharing and escalate incidents when needed.
2. Investing in Cyber Resilience
Microsoft’s commitment extends beyond technology. The company is investing in people, institutions, and public-private partnerships to build lasting resilience.
- Europol collaboration: Microsoft is embedding DCU investigators directly into Europol’s European Cybercrime Centre (EC3) to strengthen joint investigations.
- NGO support: Through its renewed partnership with the CyberPeace Institute, Microsoft is backing civil society organizations against ransomware and other threats.
- Western Balkans initiative: A new partnership with the Western Balkans Cyber Capacity Centre (WB3C) will scale cybersecurity support in a geopolitically sensitive region.
- AI research with LASR: Microsoft and the UK’s Laboratory for AI Security Research are launching a joint research program to address AI-cybersecurity risks across critical infrastructure.
- Securing the software supply chain: With the GitHub Secure Open Source Fund, Microsoft is helping fortify key European open-source projects like Log4j and ScanCode.
3. Disrupting Cybercriminal Infrastructure
Microsoft is expanding partnerships with law enforcement to strike at the heart of cybercrime infrastructure across Europe.
In one of the most notable examples, Microsoft worked with Europol to take down Lumma, an infostealer malware that compromised nearly 400,000 devices globally, many in Europe. The takedown blocked over 2,300 domains used to steal passwords, financial data, and crypto wallets.
A new initiative, the Statutory Automated Disruption (SAD) Program, is further speeding up response by automating abuse notifications to hosting providers. Already active in Europe and the U.S., SAD is designed to make cybercrime harder, riskier, and less scalable.
The DCU continues to lead global efforts to unmask nation-state actors, taking legal action and seizing malicious domains tied to Russia, China, Iran, and North Korea. The September 2024 disruption of Russia’s Star Blizzard group is a case in point: more than 140 domains were taken offline, effectively dismantling one of the group’s major infrastructure campaigns.
Standing Firm with Europe
Microsoft emphasized that these efforts go hand-in-hand with broader diplomatic and legal deterrence strategies. The EU’s Cyber Diplomacy Toolbox remains a crucial framework for unified response and accountability when digital red lines are crossed.
“We also believe that deterrence is a critical pillar of modern cybersecurity. The EU’s Cyber Diplomacy Toolbox plays a vital role in this effort, helping to coordinate crisis response and send a clear message that malicious activity will not go unanswered, legally, operationally, or reputationally,” added the software giant.
“Together, these efforts reflect Microsoft’s long-term commitment to defending Europe’s digital ecosystem—ensuring that, no matter how the threat landscape evolves, we will remain a trusted and steadfast partner to Europe in securing its digital future,” Microsoft concluded.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.


