
Tech Optimizer
August 1, 2025
Recent findings from Microsoft Threat Intelligence indicate that Russian state hackers are targeting foreign embassies in Moscow using a sophisticated malware called ApolloShadow, which disguises itself as Kaspersky antivirus software. This malware installs a TLS root certificate, allowing hackers to impersonate trusted websites accessed by compromised systems within the embassies. The attacks are categorized as adversary-in-the-middle (AiTM) attacks, enabling hackers to intercept and manipulate communications. The group behind these attacks, known as Secret Blizzard, has a history of targeting Ukrainian military technology and has now expanded its operations to conduct cyber espionage within Russia. Diplomats using local ISPs or telecommunications services in Russia are considered likely targets for these activities, which may utilize Russia's domestic intercept systems like the System for Operative Investigative Activities (SORM).
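The defensive check that follows from the mechanism above is a root-store audit: a root certificate that appears on an embassy workstation without going through normal provisioning is the artifact that makes the AiTM impersonation work, and it is visible in the Windows certificate stores. The script below is an added example, not code from the article or from Microsoft Threat Intelligence, and it is a generic baseline comparison rather than a detection tuned to ApolloShadow. The baseline file path and its one-thumbprint-per-line format are my own choices; the check on the string "Kaspersky" in the certificate subject is a heuristic based on the article's statement that the malware poses as Kaspersky software, since the article does not say what name the installed certificate carries.

```powershell
# Added example: compare the Windows root certificate stores against a baseline of
# known-good thumbprints and report anything new. Not from the article or from
# Microsoft; run it on a known-clean host with -WriteBaseline first.
param(
    [string]$BaselinePath = "$env:ProgramData\root-baseline.txt",  # assumed path
    [switch]$WriteBaseline
)

# Check both stores: a per-user root install needs no administrator rights.
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$current = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        [pscustomobject]@{
            Store      = $store
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            Issuer     = $_.Issuer
            SelfSigned = ($_.Subject -eq $_.Issuer)
            NotBefore  = $_.NotBefore
            HasPrivKey = $_.HasPrivateKey
        }
    }
}

if ($WriteBaseline) {
    $current.Thumbprint | Sort-Object -Unique | Set-Content -Path $BaselinePath
    Write-Host "Baseline written: $($current.Count) entries to $BaselinePath"
    return
}

if (-not (Test-Path $BaselinePath)) {
    throw "No baseline at $BaselinePath; run with -WriteBaseline on a known-clean host first."
}
$known = [System.Collections.Generic.HashSet[string]]::new(
    [string[]](Get-Content -Path $BaselinePath | Where-Object { $_ -ne '' })
)

# Every root not in the baseline is a finding. A recent NotBefore, a private key
# sitting on the host, or a subject imitating a security vendor raises priority.
$findings = $current | Where-Object { -not $known.Contains($_.Thumbprint) } |
    ForEach-Object {
        $reasons = @('not in baseline')
        if ($_.NotBefore -gt (Get-Date).AddDays(-30)) { $reasons += 'issued in last 30 days' }
        if ($_.HasPrivKey) { $reasons += 'private key present on host' }
        # Heuristic only: the article says the malware poses as Kaspersky; it does
        # not state what subject name the installed certificate uses.
        if ($_.Subject -match 'Kaspersky') { $reasons += 'subject imitates a security vendor name' }
        $_ | Add-Member -NotePropertyName Reasons -NotePropertyValue ($reasons -join '; ') -PassThru
    }

if ($findings) {
    $findings | Format-Table Store, Thumbprint, Subject, NotBefore, Reasons -AutoSize
    exit 1   # non-zero exit so a scheduled task or EDR script runner can raise an alert
} else {
    Write-Host 'Root stores match baseline.'
}
```

Run it once with `-WriteBaseline` on a freshly provisioned machine, store the baseline somewhere the endpoint cannot rewrite, and schedule the comparison run; a new self-signed root with a recent NotBefore date is the case worth treating as an incident rather than a configuration drift. The thumbprint comparison is what matters; the subject-name heuristic is only there to order the findings, since an attacker controls that string.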