Microsoft reports that a Russian-linked cyber-espionage group, Secret Blizzard, is targeting diplomatic missions in Moscow through ISP-level attacks that combine an adversary-in-the-middle (AiTM) technique with custom malware. The campaign poses a significant threat to foreign embassies and government entities that rely on local internet providers in Russia. #SecretBlizzard #Turla #ApolloShadow #RussianFsb #DiplomaticEspionage
Key points
- Secret Blizzard, linked to Russia's FSB, exploits ISP-level vulnerabilities to target diplomatic systems in Moscow.
- The group uses captive portals to deliver malware disguised as legitimate antivirus software.
- Once a device is infected, the group installs a root certificate on it to maintain long-term espionage access.
- The campaign has been active since at least 2024, with detections confirmed in early 2025.
- Turla leverages Russia's interception systems and hijacked infrastructure of other threat actors to facilitate attacks.
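The persistence step above, a rogue root certificate, is something a defender can check for directly. The script below is an added example, not code from Microsoft's report or from the ApolloShadow malware: it compares both Windows root stores against a baseline thumbprint list exported from a clean reference host (the baseline file path and the 90-day recency window are assumptions) and reports any root that is missing from the baseline or was issued recently.

```powershell
# Added example: audit Windows root certificate stores for roots that are not in a
# known-good baseline or were issued recently. Baseline path and window are assumptions.
param(
    [string]$BaselinePath = ".\trusted-root-thumbprints.txt",
    [int]$RecentDays = 90
)

# Baseline file: one SHA-1 thumbprint per line, exported on a clean reference host with
#   Get-ChildItem Cert:\LocalMachine\Root | Select-Object -ExpandProperty Thumbprint
$baseline = @{}
if (Test-Path $BaselinePath) {
    Get-Content $BaselinePath | ForEach-Object { $baseline[$_.Trim().ToUpper()] = $true }
} else {
    Write-Warning "No baseline at $BaselinePath; every root certificate will be reported."
}

$cutoff = (Get-Date).AddDays(-$RecentDays)

# A per-user root store needs no administrator rights to write to, so check both stores.
$findings = foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    Get-ChildItem $store | ForEach-Object {
        $inBaseline = $baseline.ContainsKey($_.Thumbprint.ToUpper())
        $isRecent   = $_.NotBefore -gt $cutoff
        if (-not $inBaseline -or $isRecent) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotBefore  = $_.NotBefore
                NotAfter   = $_.NotAfter
                SelfSigned = ($_.Subject -eq $_.Issuer)
                InBaseline = $inBaseline
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object NotBefore -Descending | Format-Table -AutoSize
} else {
    Write-Output "No unexpected or recently added root certificates found."
}
```

Windows also adds roots legitimately through the Automatic Root Certificates Update mechanism, so treat an unknown thumbprint as a lead to verify against the Microsoft Trusted Root Program list rather than as a confirmed compromise.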