Secret Blizzard, a Russian state-affiliated threat actor, is conducting espionage campaigns against foreign embassies in Moscow using adversary-in-the-middle (AitM) attacks and custom malware called ApolloShadow. The campaign involves credential theft, persistent device control, and bypassing of security measures, posing significant risks to diplomatic personnel and sensitive information. #SecretBlizzard #ApolloShadow
Key points
- Secret Blizzard is deploying ApolloShadow malware through adversary-in-the-middle attacks at ISPs in Moscow.
- The malware installs trusted root certificates to gain persistent access and bypass security defenses on diplomatic devices.
- Initial access is achieved by redirecting devices through captive portals that lead to malicious payloads.
- The campaign involves sophisticated techniques like abuse of Windows services and privilege escalation to maintain control.
- Recommendations include implementing least privilege principles, reviewing privileged groups, and routing traffic through encrypted channels.
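As an added defender-side check that is not part of the article, the PowerShell snippet below audits the Windows root certificate stores for self-signed, recently issued certificates that are absent from a known-good baseline, which is how an unexpected root CA like the one this campaign installs would surface. The thumbprints in $Baseline are placeholders to be replaced with a snapshot taken from a clean build.

```powershell
# Added example (not from the article): flag root CA certificates that are
# (a) not in a known-good baseline, (b) self-signed, and (c) issued recently.
# Both the machine store and the current user's store are checked, since a
# user-level install needs no administrator rights.
function Find-UnexpectedRootCerts {
    param(
        [string[]]$Baseline,          # thumbprints captured from a clean build
        [int]$MaxAgeDays = 90         # how far back "recently issued" reaches
    )
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

    foreach ($store in $stores) {
        Get-ChildItem -Path $store | Where-Object {
            $_.Thumbprint -notin $Baseline -and
            $_.Subject -eq $_.Issuer -and      # self-signed, as every root CA is
            $_.NotBefore -gt $cutoff
        } | Select-Object @{n='Store';e={$store}}, Thumbprint, Subject, NotBefore, NotAfter
    }
}

# Placeholder baseline: replace with thumbprints exported from a trusted image,
# e.g. (Get-ChildItem Cert:\LocalMachine\Root).Thumbprint on a clean host.
$Baseline = @(
    'PLACEHOLDER_THUMBPRINT_1',
    'PLACEHOLDER_THUMBPRINT_2'
)

$suspects = @(Find-UnexpectedRootCerts -Baseline $Baseline -MaxAgeDays 90)
if ($suspects.Count -gt 0) {
    Write-Warning ("{0} root certificate(s) outside the baseline found" -f $suspects.Count)
    $suspects | Format-Table -AutoSize
} else {
    Write-Output 'No unexpected recently issued root certificates found.'
}
```

Run it from an elevated session so the LocalMachine store is fully readable, and treat any hit as a lead for further investigation rather than proof of compromise.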
Read More: https://thehackernews.com/2025/07/secret-blizzard-deploys-malware-in-isp.html