[...]It’s the kind of work tech and security firms do for customers as part of standard contracts and doesn’t usually generate controversy or legal issues. But experts say the same activities conducted in the midst of war introduces legal complications and raises the risk that security workers, infrastructure and customer data could become targets of Russia, who might view them as legitimate military targets.

Microsoft itself noted in a report last week that Russia is increasingly targeting foreign-based entities providing support services to Ukraine, citing an October ransomware attack that struck unspecified targets in transportation and logistics industries in Poland.

“We should … be prepared for the possibility that [the attack] in Poland may be a harbinger of Russia further extending cyberattacks [on] countries and companies that are providing Ukraine with vital supply chains of aid and weaponry,” wrote Clint Watts, general manager of Microsoft’s Digital Threat Analysis Center.

The same could apply to companies providing cybersecurity aid.

Experts differ in opinion about whether Russia would have a legal basis to target security firms for helping Ukraine, but since Russia has already shown a disregard for international law through its invasion of Ukraine, this likely wouldn’t deter it.