Cybersecurity is a deeply nuanced field, demanding that security practitioners work around the clock to unearth meaningful, timely insights from an ever-growing pool of disparate data signals. At Microsoft alone, we synthesize 65 trillion signals every day across all types of devices, apps, platforms, and endpoints in order to understand our current threat landscape.

However, viewing this data in isolation is not enough. Security teams must also consider the broader geopolitical context from which these security signals emerged. After all, if security practitioners hope to uncover the “why” behind criminal activity, they must first examine the confluence of cyber threat and geopolitical intelligence analysis. This strategic analysis of nation-state cyber threat activity is also critical for preparing and protecting vulnerable audiences who may become the target of future attacks.

For example, during the run-up to Russia’s full-scale invasion of Ukraine in 2022, the Microsoft Threat Intelligence team identified Ukrainian customers at risk for cyberattacks in the event of conflict escalation. This analysis was based on likely sectors that a nation at war would target to weaken its adversary, as well as the locations of unpatched and vulnerable systems. Establishing that monitoring practice and tipping off Ukrainian partners to vulnerabilities in advance helped threat-hunting teams harden vulnerabilities, spot anomalous activity, and push product protections faster.

So, what does this geopolitical analysis look like today?

Contextualized threat intelligence in action: A Russia-Ukraine case study

Microsoft’s threat intelligence and data science teams have long been involved with Russia’s war on Ukraine, partnering closely with our allies to lend support to Ukraine’s digital defense since the start of Russia’s invasion.

Recently, Microsoft has observed a rapid evolution of digital warfare tactics on the battlefields of Ukraine, where cyberattacks and malign influence campaigns converge as parts of a broader warfighting strategy. In particular, non-state actors like cyber volunteers, hacktivists, and the private sector have taken an increasingly active role in the conflict. Russia-affiliated cyber and influence actors have also been known to leverage cyber activity, use propaganda to promote Kremlin-aligned narratives within target audiences, and stoke divisions within European populations.

Below are five key tactics that Microsoft has observed throughout the course of Russia’s war on Ukraine:

Microsoft’s work with Ukraine has only served to underline the importance of new partnerships between public and private entities. By hunting for threat activity, writing code to fortify security products, and raising awareness of threat trends, the collective security community can harden defenses not just for Ukraine, but for networks worldwide. After all, think tanks, educational institutions, and consultancies are among the most frequently targeted sectors of the economy.

Visit Microsoft Security Insider to learn more about the latest cybersecurity threats at home and abroad.