Cybersecurity

Microsoft presents the global cybercrime counter programme for Europe

The European Security Programme seeks to provide a more organised and coherent response to the evolution of both governmental and criminal cyber threats

by Giancarlo Calzetta

5' min read


At the end of April, Microsoft announced a series of investments and initiatives in the Old Continent to underline its willingness to support European technological development. The wide-ranging speech went from the cloud to cyber resilience, promising reliable and lasting support regardless of geopolitical turmoil. A little over a month later came the announcement in Berlin of an ambitious high-level cyber security programme, aimed mostly at European and state-level support. The European Security Program seeks to provide a more organised and coherent response to evolving cyber threats, both governmental (those conducted by state hackers) and criminal, and aims to strengthen the cyber resilience of European governments, consolidate defensive capabilities through strategic partnerships, and foster real-time intelligence sharing.

Sophisticated threats in a fragile geopolitical context


Europe is one of the main theatres of action for many cyber groups sponsored by states such as Russia, China, Iran and North Korea, each with its own peculiarities and methods. The bulk of Russian operations these days, predictably, focuses on targets related to Ukraine and the nations supporting the Kiev government. China, on the other hand, has been increasingly targeting academic circles and strategic think tanks, with the aim of gaining access to sensitive research data. Iran and North Korea, for their part, are involved in digital espionage campaigns, often based on stealing credentials or exploiting vulnerabilities to penetrate government or corporate networks; the Pyongyang regime in particular is not above pulling off a few high-value ransomware attacks to replenish finances severely strained by the international embargo. Traditional cybercrime, i.e. that motivated exclusively by economic aims, is becoming more and more organised and is evolving with increasingly accessible and powerful ransomware-as-a-service models. These put a cybercriminal career within anyone's reach, helped by the advent of AI, which is used extensively for reconnaissance, malware development, evasion of defences, script creation and targeted attacks.


AI-based intelligence sharing with European governments


The scenario is therefore very complex, and the idea of tackling it in an organised manner is certainly worthy of praise. It is a little strange that such a well-articulated plan should come from a private entity (and one from outside the EC at that) instead of being developed by the supranational government. In detail, the plan rests on three main pillars. The first is the extension of security information sharing with European governments. Besides providing up-to-date and customised data on national threats, Microsoft intends to offer operational insights generated with the support of AI. The information covers the tactics, techniques and procedures of APT (Advanced Persistent Threat) groups, the most organised and powerful groups, often connected to governmental entities, including malicious uses of artificial intelligence.

The programme also includes access to the Cybercrime Threat Intelligence Program (CTIP), based on the work of Microsoft's Digital Crimes Unit, which provides timely information on the criminal infrastructure to support coordinated actions with law enforcement agencies. Equally central is the monitoring of foreign influence operations conducted by state hacker groups. These campaigns, which are increasingly supported by AI, are analysed by the Microsoft Threat Analysis Center, which offers detailed reports on platforms, narratives and methods used to alter public perception and undermine trust in democracy.

In addition, security communications, including vulnerabilities and patches, will be made available to programme partners in advance to increase situational awareness and shorten response times.

Powering digital resilience with targeted investments

The second pillar is targeted investment in cybersecurity. Security cannot rely solely on advanced technologies; it also requires investment in human capital, local structures and strategic alliances. For this reason, the company decided to strengthen cooperation with Europol's European Cybercrime Centre (EC3) by placing specialists of its Digital Crimes Unit directly in the headquarters of the European body in The Hague. This should speed up the sharing of intelligence, improve investigations and accelerate operations to dismantle the infrastructure used by criminals.

Another initiative concerns support for civil society, with the renewal of the partnership with the CyberPeace Institute to help NGOs defend themselves against ransomware and other attacks. In this context, Microsoft has made dozens of employee volunteers available to support the most vulnerable organisations.

A significant part of the programme focuses on the Western Balkans, a geopolitically less stable and relatively unorganised region in terms of digital security. The cooperation with the Western Balkans Cyber Capacity Centre aims to strengthen the local security posture in line with European priorities.

Subsidiaries in the various states will also be involved in the 'big project', carrying out initiatives on the ground mostly aimed at training specialised personnel, researching licit and less licit uses of AI, and implementing AI-based defence tools tested in real environments.

Last on the list, but under special surveillance for many months already, is open source. Projects carried out by communities of volunteers form the basis of important pieces of the world's IT infrastructure and commercial software. For some time now, criminals and state hackers have been making a considerable effort to infiltrate these communities and plant malicious code in libraries and tools used by millions of developers worldwide. Through the GitHub Secure Open Source Fund, Microsoft will support key projects such as Log4J, Scancode and many others that are used in enterprise contexts and have already been the subject of attempted (or successful) breaches in the past. The goal is to prevent new vulnerabilities and improve the sustainability of defence against advanced attacks, reducing the systemic risk for the entire continent.

Joint operations to dismantle threats


Finally, the third pillar is the destruction of the infrastructure used by criminals. Criminals, too, need servers, websites, Internet-accessible services and so on to carry out their shady operations. International police groups, such as the FBI or Europol, are constantly at work to dismantle these infrastructures and disrupt (or at least greatly slow down) the work of criminals.

To speed up such future operations, Microsoft launched the Statutory Automated Disruption (SAD) programme in April 2025, which automates the sending of legal abuse notifications to hosting providers, accelerating the removal of malicious domains and IPs. The programme, currently active in Europe and the US, aims to increase the operational cost of cybercrime and make it less sustainable.

A structural and continuous commitment to European digital security


The European Security Program is clearly intended to strengthen Microsoft's image on the European market and counter the negative fallout caused by the Trump government's reckless initiatives, and it must be admitted that it is a good initiative. In addition to technical support, the programme covers human resources and know-how, and it takes a comprehensive and integrated approach to digital security involving the technological, regulatory and socio-political dimensions. Will it be enough to restore market confidence in American hi-tech companies? Hard to say, but the path will bring something good anyway, if only because it addresses the issue in a global manner rather than fragmenting it among individual states.

Copyright reserved ©