A Russian espionage campaign is using ISP-level interception to target foreign embassies in Moscow and steal sensitive information. The campaign, attributed to the Kremlin-backed group Secret Blizzard (also tracked as Turla and Venomous Bear), mounts adversary-in-the-middle (AiTM) attacks from a position that lawful-intercept arrangements give the Russian state inside domestic ISPs. #SecretBlizzard #VenomousBear #KremlinCyberThreats #ApolloShadowMalware #MoscowEmbassies
Key points
- The Russian cyber-espionage group Secret Blizzard targets foreign embassies in Moscow from inside the ISP infrastructure their devices connect through.
- Because the attackers sit at the ISP level, with access consistent with Russia's lawful-intercept regime, they can intercept and modify traffic without first compromising the victim's network.
- Victim devices are redirected to an attacker-controlled captive portal, where the user is prompted to run what appears to be a legitimate download but is actually the ApolloShadow malware.
- ApolloShadow installs a trusted root certificate on the infected device so that actor-controlled sites look legitimate, then keeps persistent, elevated access and can defeat the protections that would otherwise flag the intercepted connections.
- Microsoft recommends that diplomatic staff in Moscow route sensitive traffic through an encrypted tunnel (for example a VPN) to a trusted network rather than relying on the local ISP connection.
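Two checks follow from the mechanics above: the captive-portal redirect works by hijacking the connectivity probe Windows sends when a network comes up, and the malware's foothold is a root certificate the host should not trust. The script below, written for this page as an added example and not code from Microsoft or The Register, runs both checks on a Windows host. The baseline file path, the function names, and the decision to treat any root not already in the baseline as suspicious are assumptions of this example, not details from the article.

```powershell
# Added example (not from the article or from Microsoft). Run once with -Record on a
# known-clean host to capture a baseline of trusted roots, then run without it to diff.
param(
    [string]$BaselinePath = "$env:ProgramData\root-store-baseline.csv",  # assumed location
    [switch]$Record
)

function Test-CaptivePortalProbe {
    # Windows decides it is behind a captive portal when this NCSI probe does not come
    # back with the expected body. An AiTM at the ISP can answer it with a redirect to a
    # portal of its own, so a non-matching body or a 3xx here deserves a closer look.
    $probe = 'http://www.msftconnecttest.com/connecttest.txt'
    try {
        $r = Invoke-WebRequest -Uri $probe -MaximumRedirection 0 -UseBasicParsing -ErrorAction Stop
        if ($r.StatusCode -ge 300 -and $r.StatusCode -lt 400) {
            return "Probe redirected: $($r.Headers['Location'])"
        }
        if ($r.Content.Trim() -eq 'Microsoft Connect Test') { return 'Probe OK' }
        $snippet = $r.Content.Substring(0, [Math]::Min(80, $r.Content.Length))
        return "Probe returned unexpected body: $snippet"
    } catch {
        # Windows PowerShell 5.1 raises on a blocked redirect; report what it saw.
        $resp = $_.Exception.Response
        if ($resp -and $resp.Headers -and $resp.Headers['Location']) {
            return "Probe redirected: $($resp.Headers['Location'])"
        }
        return "Probe failed: $($_.Exception.Message)"
    }
}

function Get-TrustedRoots {
    # Both machine-wide and per-user stores matter: a process running as the user can add
    # a root to CurrentUser\Root without administrative rights.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\AuthRoot',
              'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\AuthRoot'
    foreach ($s in $stores) {
        Get-ChildItem -Path $s | ForEach-Object {
            [pscustomobject]@{
                Store      = $s
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                NotBefore  = $_.NotBefore
            }
        }
    }
}

function Compare-TrustedRoots {
    param([object[]]$Current, [object[]]$Baseline)
    # Key on store + thumbprint so the same CA appearing in a new store is also reported.
    $known = @{}
    foreach ($b in $Baseline) { $known["$($b.Store)|$($b.Thumbprint)"] = $true }
    $Current | Where-Object { -not $known.ContainsKey("$($_.Store)|$($_.Thumbprint)") }
}

Write-Host (Test-CaptivePortalProbe)

$current = @(Get-TrustedRoots)
if ($Record) {
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Host "Recorded $($current.Count) trusted roots to $BaselinePath"
    return
}

if (-not (Test-Path $BaselinePath)) {
    throw "No baseline at $BaselinePath; run this script with -Record on a known-clean host first"
}
$added = @(Compare-TrustedRoots -Current $current -Baseline (Import-Csv -Path $BaselinePath))
if ($added.Count -gt 0) {
    Write-Warning "$($added.Count) trusted root(s) not present in the baseline:"
    $added | Sort-Object NotBefore -Descending | Format-Table Store, Thumbprint, Subject, NotBefore -AutoSize
} else {
    Write-Host 'Trusted root stores match the baseline'
}
```

Run the script from a clean build with `-Record` so the baseline reflects the roots Windows and the organisation legitimately ship, and treat any later addition, especially one in a CurrentUser store with a recent NotBefore date, as something to pull and inspect rather than accept. The probe check only tells you how the current network answered one request; a clean result does not prove the connection is not being intercepted, which is why the recommendation above is to tunnel out to a trusted network rather than to trust the local one.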
Read More: https://www.theregister.com/2025/07/31/kremlin_goons_caught_abusing_isps/