Tuesday, March 17, 2026

Microsoft Unveils EU Security Initiative To Disrupt Cybercriminal Infrastructure

Microsoft has launched an ambitious European Security Program that aims to disrupt the infrastructure of cybercriminals and nation-state actors that threaten the continent’s digital landscape.

The initiative, announced in Berlin by Microsoft’s President Brad Smith, responds to a rise in sophisticated attacks from actors in Russia, China, Iran, and North Korea, as well as the continuous evolution of ransomware groups.

As digital technologies and artificial intelligence (AI) transform cyber threats, Microsoft is expanding efforts to defend Europe’s digital ecosystem through advanced technology and strengthened partnerships.

AI-Driven Threat Intelligence And Rapid Response

At the heart of the new European Security Program is the increased sharing of AI-powered threat intelligence with European governments.

This real-time, actionable intelligence is tailored to each country’s specific threat environment and leverages AI to sift through vast streams of telemetry data.

Microsoft’s technology analyzes patterns of malicious behavior, such as credential theft and exploitation of software vulnerabilities, to detect sophisticated campaigns that would otherwise go unnoticed.

The goal is to empower governments to stay ahead of evolving threats by providing timely updates on advanced persistent threat (APT) actor tactics, including the growing misuse of AI.

For example, cybercriminals and nation-state actors are using AI for reconnaissance, vulnerability research, automated scripting, detection evasion, social engineering, and brute force attacks.

Microsoft now closely monitors its AI offerings to prevent known threat actors from leveraging them, while investing heavily in secure AI model development and testing.

With the help of programs such as the Microsoft Threat Analysis Center, the company delivers intelligence briefings on foreign influence operations, particularly those using AI-generated deepfakes and synthetic media to mislead, manipulate, or disrupt democratic processes.

Tailored insights equip policymakers, security agencies, and IT teams with the knowledge needed to counter these digital threats.

Microsoft’s Digital Crimes Unit (DCU) is also scaling up its Cybercrime Threat Intelligence Program, which provides law enforcement agencies and trusted partners access to real-time intelligence about the infrastructure supporting ransomware and other cybercriminal activities.

In a recent high-profile case, Microsoft’s DCU and Europol successfully dismantled the Lumma infostealer malware network that had infected nearly 400,000 devices, many within Europe.

This operation seized or blocked over 2,300 command-and-control domains and exemplified the rapid, intelligence-led action made possible by Microsoft’s automated technologies.

Expanding Partnerships And Building European Cyber Resilience

The European Security Program is not just about technology; it is fundamentally about partnership.

  • Microsoft is deepening collaboration with organizations like Europol’s European Cybercrime Centre (EC3), embedding DCU investigators to enhance intelligence sharing and operational coordination.
  • This allows for faster threat identification and more effective disruption of criminal networks targeting European institutions and citizens.
  • In recognition that digital resilience depends on people and institutions as much as on technology, Microsoft is investing in cybersecurity education, capacity building, and research.

The company is supporting civil society through renewed partnerships with organizations like the CyberPeace Institute, which helps NGOs trace ransomware attacks and promotes accountability for cybercriminals and their enablers.

Furthermore, Microsoft is extending cybersecurity support to the Western Balkans, a region particularly vulnerable to destabilizing cyber activity, and partnering with the UK’s Laboratory for AI Security Research to advance research into AI security and the protection of critical infrastructure.

A key element of the new initiative is the Statutory Automated Disruption (SAD) Program, which began in April 2025.

This program automates legal abuse notifications to hosting providers, enabling much faster removal of malicious domains and IP addresses.

By raising the cost and risks for cybercriminals operating at scale and giving local internet service providers more tools to remediate threats, Microsoft is making it harder for cyber actors to establish and maintain their infrastructure across Europe.

Microsoft’s actions, whether through rapid takedowns, real-time intelligence sharing, or public-private partnerships, send a clear message that Europe will not allow cybercriminals or foreign adversaries to operate with impunity.

The new European Security Program is offered free of charge to all EU member states, accession countries, and members of the European Free Trade Association, reinforcing Microsoft’s long-term commitment to digital security, capacity building, and the protection of Europe’s digital future.

Varshini
Varshini is a cyber security expert in threat analysis, vulnerability assessment, and research, passionate about staying ahead of emerging threats and technologies.
