Microsoft: Russian Intelligence Hackers Attacked Foreign Embassies in Moscow

By Max Radchuk

08.01.2025 13:23

Photo: Microsoft: Russian Intelligence Hackers Attacked Foreign Embassies in Moscow. Source: The Gaze collage by Leonid Lukashenko

The Russian hacker group Secret Blizzard, which is directly linked to Russia's Federal Security Service, used the state communications interception system (SORM) for cyber espionage against foreign embassies in Moscow.

The Gaze reports on it, referring to a Microsoft Threat Intelligence report from 31 July.

According to Microsoft, the Secret Blizzard group (also known as Turla) organised a large-scale cyber espionage campaign against foreign embassies operating in Moscow. The hackers gained access to Russian internet providers and used their infrastructure to intercept the internet traffic of diplomatic institutions.

Experts determined that the attack was carried out using the Adversary-in-the-Middle (AiTM) technique, which allows interference in communications between the victim and the server in order to intercept data.

During the attacks, hackers installed ApolloShadow malware on diplomatic devices, which allowed them to carry out a so-called ‘HTTPS downgrade attack’ (TLS/SSL stripping), i.e. to make the victims' encrypted traffic public, including logins, passwords, authentication tokens and other sensitive information.

In addition, ApolloShadow installed a trusted root certificate from Kaspersky Lab on the devices, which the victims' systems recognised as secure and allowed hackers to create the appearance of a secure connection even with fake or infected sites. In this way, the group gained long-term control over the devices of foreign diplomats.

Experts believe that the System of Operational-Investigative Measures (SORM), a Russian state system that allows law enforcement agencies to intercept Internet traffic in real time, played a key role in this large-scale cyberattack.

Secret Blizzard has been identified by the US Cybersecurity and Infrastructure Security Agency (CISA) as a division of the FSB's ‘Centre 16’. This structure is one of the world's leading state hacking groups and is systematically used by Russia in cyber wars and influence campaigns.

Secret Blizzard has previously attacked foreign ministries, particularly in Eastern Europe, forcing users to download infected software from controlled servers.

As The Gaze reported earlier, the British Ministry of Defence repelled a cyberattack by hackers linked to Russia who posed as journalists.

Read The Gaze articles in Google News

Recommended

Beyond the Obvious: Five Hypothetical Alliances that Could Stop the War

What Must Happen Before the End of Trump’s Ultimatum to Putin

Lublin Triangle, Romania and Moldova to Hold Joint Talks in Ukraine’s Chernivtsi

U.S. Soldier Charged With Trying to Pass Abrams Tank Data to Russia

Lithuanian FM Urges NATO Action After Russian Drone Enters Country

Similar articles

Ukraine Pushes Bold Plan to Reform OSCE and Curb Russian Obstruction

Trump Orders Deployment of Two Nuclear Submarines, Declares Full Readiness for Nuclear War with Russia

Russia Threatens Ukrainian Parents with Child Removal over Passport Refusals

Death Toll Rises to 28 Following Massive Russian Strike on Kyiv

MPs from Various Countries Stage Demarche Against Russian Council Speaker at Swiss Conference

Bloomberg: US Moves Additional Nuclear Weapons to UK