Microsoft: Russian Intelligence Hackers Attacked Foreign Embassies in Moscow

Photo: Microsoft: Russian Intelligence Hackers Attacked Foreign Embassies in Moscow. Source: The Gaze collage by Leonid Lukashenko

The Russian hacker group Secret Blizzard, which is directly linked to Russia's Federal Security Service, used the state communications interception system (SORM) for cyber espionage against foreign embassies in Moscow.

The Gaze reports this, citing a Microsoft Threat Intelligence report of 31 July.

According to Microsoft, the Secret Blizzard group (also known as Turla) organised a large-scale cyber espionage campaign against foreign embassies operating in Moscow. The hackers gained access to Russian internet providers and used their infrastructure to intercept the internet traffic of diplomatic institutions.

Experts determined that the attack used the Adversary-in-the-Middle (AiTM) technique, in which the attacker positions themselves between the victim and the server in order to intercept data.

During the attacks, the hackers installed ApolloShadow malware on diplomatic devices, which allowed them to carry out a so-called ‘HTTPS downgrade attack’ (TLS/SSL stripping), i.e. to expose the victims' otherwise encrypted traffic, including logins, passwords, authentication tokens and other sensitive information.

In addition, ApolloShadow installed a trusted root certificate from Kaspersky Lab on the devices. The victims' systems treated it as trusted, which allowed the hackers to present a seemingly secure connection even to fake or compromised sites. In this way, the group gained long-term control over the devices of foreign diplomats.
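An unexpected root certificate in the trust store is the durable artefact of the technique described above, and it is something a defender can check for. The following PowerShell script is an added illustration, not part of the article or of Microsoft's report: it records a baseline of the Windows root certificate stores and, on later runs, reports any trusted root that was not in the baseline as well as any root whose validity period began only recently. The baseline file path is a placeholder, and the script assumes it runs with rights to read both the machine and the current-user stores.

```powershell
# Added example: audit the Windows root certificate stores against a saved baseline.
# Not from the article or from Microsoft's report; $BaselinePath is a placeholder.
param(
    [string]$BaselinePath = "$env:ProgramData\RootStoreBaseline.csv",  # placeholder path
    [switch]$WriteBaseline,   # record the current stores as the known-good state
    [int]$RecentDays = 30     # flag roots whose validity began within this many days
)

# Both the Root and AuthRoot stores hold certificates the system trusts as anchors.
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
            'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\AuthRoot')

# Collect every currently trusted root together with the store it came from.
$current = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Store      = $store
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            Issuer     = $_.Issuer
            NotBefore  = $_.NotBefore
            NotAfter   = $_.NotAfter
        }
    }
}

if ($WriteBaseline) {
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Host "Baseline written: $($current.Count) root certificates to $BaselinePath"
    return
}

if (-not (Test-Path $BaselinePath)) {
    throw "No baseline at $BaselinePath; run with -WriteBaseline on a known-good machine first."
}

# Index the baseline by store + thumbprint so the comparison is a hash lookup.
$known = @{}
foreach ($b in (Import-Csv -Path $BaselinePath)) {
    $known["$($b.Store)|$($b.Thumbprint)"] = $true
}

# Anything trusted now that was not in the baseline is a newly added root.
$added = $current | Where-Object { -not $known.ContainsKey("$($_.Store)|$($_.Thumbprint)") }

# A root whose validity period began very recently is a second, baseline-independent
# signal: legitimate root CAs are normally years old by the time they reach an endpoint.
$cutoff = (Get-Date).AddDays(-$RecentDays)
$recent = $current | Where-Object { $_.NotBefore -gt $cutoff }

if ($added) {
    Write-Warning "Root certificates not present in the baseline:"
    $added | Format-Table Store, Subject, Thumbprint, NotBefore -AutoSize
}
if ($recent) {
    Write-Warning "Root certificates whose validity began within the last $RecentDays days:"
    $recent | Format-Table Store, Subject, Thumbprint, NotBefore -AutoSize
}
if (-not $added -and -not $recent) {
    Write-Host "Root stores match the baseline; no recently issued roots found."
}
```

Run it once with `-WriteBaseline` on a freshly built, known-good machine, then schedule the comparison run. Any root that appears afterwards and does not belong to the organisation's own PKI or to a public CA programme is exactly the kind of entry the article describes and should be investigated rather than silently accepted.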

Experts believe that the System of Operational-Investigative Measures (SORM), a Russian state system that allows law enforcement agencies to intercept Internet traffic in real time, played a key role in this large-scale cyberattack.

Secret Blizzard has been identified by the US Cybersecurity and Infrastructure Security Agency (CISA) as a division of the FSB's ‘Centre 16’. This structure is one of the world's leading state hacking groups and is systematically used by Russia in cyber wars and influence campaigns.

Secret Blizzard has previously attacked foreign ministries, particularly in Eastern Europe, forcing users to download infected software from servers under its control.

As The Gaze reported earlier, the British Ministry of Defence repelled a cyberattack by hackers linked to Russia who posed as journalists.
