Russian APT targets diplomats via ISP-level malware campaign
Russian state-sponsored group Secret Blizzard has been deploying custom malware, ApolloShadow, against diplomatic personnel in Moscow using adversary-in-the-middle (AitM) attacks. The campaign exploits ISP-level access, likely enabled by Russia’s domestic surveillance system SORM, to redirect victims through captive portals and install fake root certificates. Once activated, the malware modifies system settings, creates a persistent admin account, and enables file sharing. Microsoft urges organizations to use encrypted tunnels, apply least privilege principles, and implement strong cybersecurity measures to mitigate risk.