Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft

Russian hackers have been using adversary-in-the-middle (AitM) attacks to deploy malware on devices belonging to diplomatic personnel in Moscow since 2024. The threat actor, tracked as Secret Blizzard (also known as Krypton), has leveraged Russia's domestic lawful-intercept systems to conduct large-scale cyberespionage operations. #ApolloShadow #SecretBlizzard

Key points

  • The hackers used AitM attacks to inject malware into devices belonging to foreign diplomatic personnel in Moscow.
  • The campaign involves redirecting devices through captive portals to deliver the ApolloShadow malware.
  • Russian state-sponsored group Secret Blizzard has exploited Russia’s domestic intercept systems for their operations.
  • The malware abuses the built-in Windows certutil utility and creates a backdoor in the form of a hardcoded administrator account.
  • Organizations in Moscow are advised to route traffic through encrypted tunnels and implement strong access controls to mitigate risks.
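The two host-side behaviours named in the key points (certutil being driven by the malware, and a new local administrator account appearing) are both visible in ordinary process-creation telemetry. The following is an added example written for this page, not code from Microsoft or from the SecurityWeek article: a small rule set run over constructed Sysmon-style process events that flags certutil writing to the root certificate store (the assumed use of certutil here, since the page only says the utility is abused), local account creation, and additions to the local Administrators group, then correlates the hits per host. The host names, account name and file paths are invented for the sample.

```python
import re

# Constructed sample process-creation events (Sysmon Event ID 1 style). These are
# invented for the example and are not telemetry from the campaign described above.
SAMPLE_EVENTS = [
    {"host": "emb-ws-01", "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -addstore root C:\Users\jdoe\AppData\Local\Temp\update.cer"},
    {"host": "emb-ws-01", "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net user svc_update Passw0rd! /add"},
    {"host": "emb-ws-01", "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net localgroup administrators svc_update /add"},
    # Benign certutil use on another host: hashing an installer, no store modification.
    {"host": "emb-ws-02", "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -hashfile C:\installers\setup.msi SHA256"},
]

# Each rule: (rule name, process image basename it applies to, regex over the command line).
RULES = [
    # certutil adding a certificate to the machine/user root store (optionally with -f).
    ("certutil_root_store_add", "certutil.exe",
     re.compile(r'-addstore\s+(-f\s+)?"?root"?', re.IGNORECASE)),
    # "net user <name> [<password>] /add" creates a local account.
    ("local_account_created", "net.exe",
     re.compile(r"\buser\s+\S+(\s+\S+)?\s+/add\b", re.IGNORECASE)),
    # "net localgroup administrators <name> /add" grants local admin rights.
    ("added_to_local_admins", "net.exe",
     re.compile(r"\blocalgroup\s+administrators\s+\S+\s+/add\b", re.IGNORECASE)),
]


def image_name(path: str) -> str:
    """Lower-cased basename of a Windows or POSIX image path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify_event(event: dict) -> list[str]:
    """Return the names of all rules whose image and command-line pattern match the event."""
    name = image_name(event["image"])
    return [rule for rule, image, pattern in RULES
            if name == image and pattern.search(event["cmdline"])]


def correlate_by_host(events: list[dict]) -> dict[str, set[str]]:
    """Collect the set of matched rule names per host, ignoring hosts with no hits."""
    hits: dict[str, set[str]] = {}
    for ev in events:
        matched = classify_event(ev)
        if matched:
            hits.setdefault(ev["host"], set()).update(matched)
    return hits


def high_risk_hosts(events: list[dict]) -> list[str]:
    """Hosts where a root-store addition and an admin-account step both occurred.

    Either step alone has benign explanations; seen together on one host they match
    the certutil-plus-hardcoded-admin pattern described for ApolloShadow.
    """
    account_rules = {"local_account_created", "added_to_local_admins"}
    return sorted(host for host, rules in correlate_by_host(events).items()
                  if "certutil_root_store_add" in rules and rules & account_rules)


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["host"], classify_event(ev) or "-", ev["cmdline"])
    print("high-risk hosts:", high_risk_hosts(SAMPLE_EVENTS))
```

On the constructed sample the benign `-hashfile` invocation on emb-ws-02 produces no hit, while emb-ws-01 trips all three rules and is reported as high risk. In a real deployment the same correlation belongs in the SIEM with a short time window, and a root-store addition should additionally be cross-checked against the organisation's list of approved enterprise CAs.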

Read More: https://www.securityweek.com/russian-cyberspies-target-foreign-embassies-in-moscow-via-aitm-attacks-microsoft/