Microsoft reported that Russia’s Federal Security Service conducted a cyber ‑ espionage campaign targeting foreign embassies in Moscow. Microsoft identified the threat actor as a hacking group known as Secret Blizzard or Turla. Microsoft stated that the campaign has been ongoing since at least 2024. Microsoft confirmed that the espionage operations began in February 2025. Microsoft explained that the campaign used Internet Service Provider level access in Moscow. Microsoft researchers said that the threat actor employed adversary ‑ in ‑ the ‑ middle techniques. Microsoft described that the attackers installed custom malware called ApolloShadow. Microsoft reported that the malware disabled TLS/SSL encryption to enable plaintext interception. Microsoft disclosed that the attackers masqueraded ApolloShadow as a Kaspersky security update installer. Microsoft noted that the attackers used Russia’s SORM intercept system in conjunction with ISP control. Microsoft warned th...
Authentic Unique World News Summaries Timely