

Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft

Russian APT targets diplomats via ISP-level malware campaign

Russian state-sponsored group Secret Blizzard has been deploying custom malware, ApolloShadow, against diplomatic personnel in Moscow using adversary-in-the-middle (AitM) attacks. The campaign exploits ISP-level access, likely enabled by Russia’s domestic surveillance system SORM, to redirect victims through captive portals and install fake root certificates. Once activated, the malware modifies system settings, creates a persistent admin account, and enables file sharing. Microsoft urges organizations to use encrypted tunnels, apply least privilege principles, and implement strong cybersecurity measures to mitigate risk.

Read more:

https://www.securityweek.com/russian-cyberspies-target-foreign-embassies-in-moscow-via-aitm-attacks-microsoft/