Microsoft confirms that Russian cyber-espionage group Secret Blizzard is actively surveilling foreign embassies in Moscow by deploying malware through ISP-level attacks. This campaign leverages lawful intercept systems and AiTM techniques, representing a significant escalation in state-sponsored cyber operations. #SecretBlizzard #Turla #ApolloShadow
Key points
- Secret Blizzard, linked to Russia's FSB, has been conducting an ongoing cyber-espionage campaign since 2024 targeting foreign embassies in Moscow.
- The group utilizes adversary-in-the-middle (AiTM) techniques and ISP-level malware deployment, including ApolloShadow.
- Microsoft highlights the use of lawful intercept systems like SORM to facilitate secret surveillance activities.
- The malware affects diplomatic systems by redirecting devices through captive portals to download malicious tools.
- The campaign poses high risks to diplomatic entities and could influence future state-sponsored cyber operations globally.
Read More: https://therecord.media/russia-fsb-turla-espionage-foreign-embassies-isp-level