Microsoft: Russian Intelligence Hackers Attacked Foreign Embassies in Moscow

The Russian hacker group Secret Blizzard, which is directly linked to Russia's Federal Security Service, used the state communications interception system (SORM) for cyber espionage against foreign embassies in Moscow.
The Gaze reports this, citing a Microsoft Threat Intelligence report of 31 July.
According to Microsoft, the Secret Blizzard group (also known as Turla) organised a large-scale cyber espionage campaign against foreign embassies operating in Moscow. The hackers gained access to Russian internet providers and used their infrastructure to intercept the internet traffic of diplomatic institutions.
Experts determined that the attack was carried out using the Adversary-in-the-Middle (AiTM) technique, which allows interference in communications between the victim and the server in order to intercept data.
During the attacks, the hackers installed ApolloShadow malware on diplomatic devices, which allowed them to carry out a so-called ‘HTTPS downgrade attack’ (TLS/SSL stripping), i.e. to expose the victims' encrypted traffic in cleartext, including logins, passwords, authentication tokens and other sensitive information.
In addition, ApolloShadow installed a trusted root certificate from Kaspersky Lab on the devices, which the victims' systems treated as trusted; this allowed the hackers to present even fake or infected sites as secure connections. In this way, the group gained long-term control over the devices of foreign diplomats.
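A root certificate silently added to a device's trust store is the durable part of the technique described above, and it is also the easiest part for a defender to audit: every trusted root should be on a known baseline. The script below is an added example (not code from the article, from Microsoft, or from the malware analysis): it parses a text dump in the shape of `certutil -store Root` output on Windows, extracts each root's subject, issuer and SHA-1 thumbprint, and reports any root whose thumbprint is not on an approved list. The sample dump, its certificate names and its thumbprints are constructed placeholders for this example; the field labels are assumed to match certutil's usual output and should be checked against a real dump before use.

```python
"""Audit a Windows trusted-root store dump against an approved baseline.

Input is text shaped like `certutil -store Root` output. The SAMPLE_DUMP below
is CONSTRUCTED for this example: the names and thumbprints are placeholders,
not real certificates.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Record separators and field labels as they appear in certutil store dumps
# (assumed shape; verify against a real dump before relying on it).
CERT_SEP = re.compile(r"^=+ Certificate \d+ =+$", re.MULTILINE)
SUBJECT_RE = re.compile(r"^Subject: (.+)$", re.MULTILINE)
ISSUER_RE = re.compile(r"^Issuer: (.+)$", re.MULTILINE)
SHA1_RE = re.compile(r"^Cert Hash\(sha1\): ([0-9a-fA-F ]+)$", re.MULTILINE)


@dataclass(frozen=True)
class RootCert:
    subject: str
    issuer: str
    sha1: str  # normalised: lowercase hex, no spaces


def parse_store_dump(text: str) -> list[RootCert]:
    """Split the dump into per-certificate records and pull out the fields."""
    certs: list[RootCert] = []
    for chunk in CERT_SEP.split(text)[1:]:  # [0] is the store header
        subj = SUBJECT_RE.search(chunk)
        iss = ISSUER_RE.search(chunk)
        sha = SHA1_RE.search(chunk)
        if not (subj and iss and sha):
            continue  # incomplete record: skip rather than guess
        certs.append(RootCert(
            subject=subj.group(1).strip(),
            issuer=iss.group(1).strip(),
            sha1=sha.group(1).replace(" ", "").lower(),
        ))
    return certs


def audit_roots(certs: list[RootCert], baseline: set[str]) -> list[RootCert]:
    """Return every root whose thumbprint is not on the approved baseline.

    Thumbprints, not names, are compared: an attacker-installed root can carry
    any subject it likes, including a name that imitates a security vendor.
    """
    return [c for c in certs if c.sha1 not in baseline]


# Constructed sample: one expected corporate root, one unexpected root that
# imitates an AV vendor's name (placeholder, not a real certificate).
SAMPLE_DUMP = """Root "Trusted Root Certification Authorities"
================ Certificate 0 ================
Serial Number: 01
Issuer: CN=Example Corporate Root CA, O=Example Corp
 NotBefore: 01/01/2020 00:00
 NotAfter: 01/01/2040 00:00
Subject: CN=Example Corporate Root CA, O=Example Corp
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): 0a 1b 2c 3d 4e 5f 60 71 82 93 a4 b5 c6 d7 e8 f9 0a 1b 2c 3d
================ Certificate 1 ================
Serial Number: 02
Issuer: CN=Placeholder AV Root Certificate
 NotBefore: 01/01/2025 00:00
 NotAfter: 01/01/2045 00:00
Subject: CN=Placeholder AV Root Certificate
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 de ad be ef
"""

# Approved baseline: thumbprints of the roots the organisation expects.
BASELINE = {"0a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d"}


def run_audit(dump: str = SAMPLE_DUMP, baseline: set[str] = BASELINE) -> list[RootCert]:
    flagged = audit_roots(parse_store_dump(dump), baseline)
    for c in flagged:
        print(f"UNEXPECTED ROOT: {c.subject} (sha1 {c.sha1})")
    return flagged


if __name__ == "__main__":
    run_audit()
```

In practice the baseline would be exported from a clean reference build and the audit run periodically against each endpoint's store; a root that appears outside a managed certificate deployment is worth an incident ticket regardless of what its subject claims to be.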
Experts believe that the System of Operational-Investigative Measures (SORM), a Russian state system that allows law enforcement agencies to intercept Internet traffic in real time, played a key role in this large-scale cyberattack.
Secret Blizzard has been identified by the US Cybersecurity and Infrastructure Security Agency (CISA) as a division of the FSB's ‘Centre 16’. This unit is one of the world's leading state hacking groups and is systematically used by Russia in cyber warfare and influence campaigns.
Secret Blizzard has previously attacked foreign ministries, particularly in Eastern Europe, forcing users to download infected software from controlled servers.
As The Gaze reported earlier, the British Ministry of Defence repelled a cyberattack by hackers linked to Russia who posed as journalists.