Secret Blizzard, a Russian state-sponsored actor, has been running a covert cyberespionage campaign against foreign embassies in Moscow using custom malware tracked as ApolloShadow. The operation abuses Russia's domestic telecommunications infrastructure, at the ISP level, to redirect diplomatic traffic, plant a trusted root certificate on victim devices, and thereby intercept, decrypt, and steal sensitive diplomatic communications.
Key points
- Secret Blizzard is a Russian state-sponsored cyberespionage group; this campaign targets foreign embassies and diplomatic staff in Moscow.
- The campaign uses custom malware, ApolloShadow, that manipulates the victim's certificate stores and masquerades as a legitimate application to get installed.
- Initial access relies on an adversary-in-the-middle position at the ISP: the victim's traffic is redirected to an attacker-controlled page that presents a spurious certificate prompt, and the lure delivers ApolloShadow.
- Once installed, ApolloShadow establishes long-term persistence by creating a local administrator account whose password never expires and by installing attacker-controlled root certificates into the trusted store, so TLS connections can be intercepted without browser warnings.
- The ISP-level position is made possible by Russia's lawful-intercept system, SORM, which gives the state visibility into and control over traffic on domestic networks; any device that reaches the internet through a Russian provider, embassy networks included, should be treated as exposed to this kind of interception.
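The two host-side artifacts listed above, an injected trusted root certificate and a local administrator with a non-expiring password, are cheap to hunt for. The PowerShell script below is an added example written for this page; it is not code from the original report, from Microsoft, or from the malware itself, and it does not look for any ApolloShadow-specific name. The baseline file path and the 30-day look-back window are assumptions: the baseline is expected to hold one SHA-1 thumbprint per line, exported from a clean build of the same image with `Get-ChildItem Cert:\LocalMachine\Root | Select-Object -ExpandProperty Thumbprint`.

```powershell
# Added detection example (not code from the original page, Microsoft, or Secret Blizzard).
# Flags the two persistence artifacts described in the key points:
#   1. certificates in the machine-wide or per-user Trusted Root store whose thumbprint
#      is not on a known-good baseline, or whose validity period started recently;
#   2. enabled local accounts that sit in the Administrators group and whose password
#      never expires.
# Run from an elevated prompt so the LocalMachine store and local group membership are readable.

param(
    # Assumed location of the baseline: one SHA-1 thumbprint per line from a clean build.
    [string]$BaselinePath = "C:\baseline\root-thumbprints.txt",
    # Assumed look-back window for "recently installed" roots.
    [int]$LookbackDays = 30
)

$findings = @()
$cutoff   = (Get-Date).AddDays(-$LookbackDays)

# --- 1. Trusted root certificates -------------------------------------------------
$baseline = @{}
if (Test-Path $BaselinePath) {
    Get-Content $BaselinePath | ForEach-Object {
        $t = $_.Trim().ToUpper()
        if ($t) { $baseline[$t] = $true }
    }
}
$haveBaseline = $baseline.Count -gt 0

foreach ($store in @("Cert:\LocalMachine\Root", "Cert:\CurrentUser\Root")) {
    foreach ($cert in Get-ChildItem -Path $store -ErrorAction SilentlyContinue) {
        $thumb   = $cert.Thumbprint.ToUpper()
        $reasons = @()
        # A root that Windows/AuthRoot did not ship will not be on the clean baseline.
        if ($haveBaseline -and -not $baseline.ContainsKey($thumb)) { $reasons += "not on baseline" }
        # Injected roots are usually minted shortly before installation; genuine CA roots
        # have NotBefore dates years in the past.
        if ($cert.NotBefore -gt $cutoff) { $reasons += "NotBefore within $LookbackDays days" }
        if ($reasons.Count -gt 0) {
            $findings += [pscustomobject]@{
                Type       = "RootCert"
                Store      = $store
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                Thumbprint = $thumb
                NotBefore  = $cert.NotBefore
                Reason     = ($reasons -join "; ")
            }
        }
    }
}

# --- 2. Local administrators with non-expiring passwords --------------------------
# Get-LocalUser reports PasswordExpires as $null when the password never expires.
$adminMembers = Get-LocalGroupMember -Group "Administrators" -ErrorAction SilentlyContinue |
    Where-Object { $_.ObjectClass -eq "User" -and $_.PrincipalSource -eq "Local" }

foreach ($member in $adminMembers) {
    $name = $member.Name.Split('\')[-1]
    $user = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
    if ($user -and $user.Enabled -and $null -eq $user.PasswordExpires) {
        $findings += [pscustomobject]@{
            Type            = "AdminNoExpiry"
            Name            = $user.Name
            SID             = $user.SID.Value
            PasswordLastSet = $user.PasswordLastSet
            LastLogon       = $user.LastLogon
            Reason          = "enabled local admin, password never expires"
        }
    }
}

# --- Report ------------------------------------------------------------------------
if ($findings.Count -eq 0) {
    Write-Output "No suspicious root certificates or non-expiring local admins found."
    exit 0
}
$findings | Sort-Object Type, NotBefore | Format-Table -AutoSize
# Non-zero exit lets a scheduled task or EDR script runner treat findings as a hit.
exit 1
```

Two caveats when reading the output. The built-in Administrator account normally has a non-expiring password; it is skipped only when disabled, so on hosts where it is enabled expect one expected finding and focus on any other name. Without a baseline file the certificate check falls back to the date heuristic alone, which will miss a root whose NotBefore was backdated, so generate the baseline from a clean image before relying on this in an embassy or similar high-risk environment.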